I have deployed a Windows CA. I have an offline Root CA and an Enterprise Subordinate. We issue all the certificates from the subordinate. After checking some configuration, I noticed the URL used for the CRLs is invalid and clients cannot communicate to check CRLs. I need to add a valid CRL location. My questions are below:
1. How will this affect existing certificates in the wild? I am OK knowing the existing certs out there will not be checked for revocation as long as new certs are.
2. Do I need to re-key and distribute a new Subordinate certificate after I modify the Extensions (CDP/AIA)?
If I add a new CRL location, will new certificates issued by the Subordinate receive the CRL location or do I need to rekey my Subordinate CA for this to work? Thank you for your help thus far.