asked on WindowsCA Certificate Revocation Checking
I have deployed a WindowsCA. I have an offline Root CA and an Enterprise Suboridinate. We issue all the certificates from the subordinate. After checking some configuration, I noticed the url used for the CRLs is invalid and clients cannot communicate to check CRLs. I need to add a valid CRL location. My questions below
1. how will this effect existing certificates in the wild? I am OK knowing the existing certs out there will not be checked for revocation as long as new Certs are.
2. Do I need to re-key and distribute a new Subordinate certificate after I modify the Extensions (CDP/AIA)?
Thank you in advance.
1. how will this effect existing certificates in the wild? I am OK knowing the existing certs out there will not be checked for revocation as long as new Certs are.
2. Do I need to re-key and distribute a new Subordinate certificate after I modify the Extensions (CDP/AIA)?
Thank you in advance.
Windows Server 2012
Last Comment
jbla9028
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
If I add a new CRL location, will new certificates issued by the Subordinate receive the CRL location or do I need to rekey my Subordinate CA for this to work? thank you for your help thus far.