jbla9028

WindowsCA Certificate Revocation Checking

I have deployed a WindowsCA. I have an offline Root CA and an Enterprise Subordinate. We issue all the certificates from the subordinate. After checking some configuration, I noticed the URL used for the CRLs is invalid and clients cannot communicate to check CRLs. I need to add a valid CRL location. My questions are below.

1. How will this affect existing certificates in the wild? I am OK knowing the existing certs out there will not be checked for revocation as long as new certs are.

2. Do I need to re-key and distribute a new Subordinate certificate after I modify the Extensions (CDP/AIA)?


Thank you in advance.
Windows Server 2012

Last Comment
jbla9028

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
David Johnson, CD

jbla9028

ASKER
If I add a new CRL location, will new certificates issued by the Subordinate receive the CRL location, or do I need to rekey my Subordinate CA for this to work? Thank you for your help thus far.