We are having issues with our PKI infrastructure. We have an offline root ca and an enterprise subordinate CA running on windows 2012 r2.
I want to verify the health of the pki.
1. Is the root CA certificate valid
2. Is the root CRL still valid
3. Is the subordinate CA certificate valid,
4. Is the subordinate CA CRL still valid.
Certificates issued earlier and were working fine are now showing errors like “revocation check failed”.
How do I verify the PKI components are healthy and are valid.