System Administrator

Paul Walsh

<div>
Hi David, 
 
Thankyou for your response. I setup the IIS server first, and the DNS part pointing to it. As part of the ROOTCa install I ran the following in powershell: 
 
Certutil –setreg CA\CACertPublicationURLs “1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt\n2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11\n2:<a href="http://pki.cabench.com/pki/%1_%3%4.crt”" rel="ugc nofollow">http://pki.cabench.com/pki/%1_%3%4.crt”</a> 
 
Certutil –setreg CA\CRLPublicationURLs “1:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl\n10:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10\n2:<a href="http://pki.cabench.com/pki/%3%8%9.crl”" rel="ugc nofollow">http://pki.cabench.com/pki/%3%8%9.crl”</a> 
 
If I understand you correctly, should I omit the first part &quot;1:C:|Windows..........&quot; and only include the ldap and http pointer? Should that also be the case for CRL URL? 
 
That being said, is there any way to succesfully fix the current test environemnt (I have tried removing the file pointer, however it still remains, even if no entries exist in the AIA section. 
 
Thanks for your help. 
Paul
</div>

<div>
remove all but the url. 
you have to reissue all the certificates
</div>

<div>
Hi, 
 
Will give it a go and let you know how I get on. 
 
Thanks for your help. 
Paul
</div>

<div>
Hi, Unfortunatley I have been pulled onto other things, so it might be a while before I can really test. Ill award the points anyway, and I can always ask again if i hit any further snags. Thanks Again. Paul
</div>

<div>
<div class="content wysiwyg-content">
Hi All, 
 
I am setting up a 2 tier PKI environemnt with two server core 2016 servers following this guide. <a href="https://www.petenetlive.com/KB/Article/0001312" rel="ugc">https://www.petenetlive.com/KB/Article/0001312</a> 
 
I have more or less got it up and running but I am hitting a snag with the AIA location for the offline ROOTCA. Within pkiview (from the management pc) it tells me it cannot download the file: ////TEST-ROOTCA_TEST-ROOTCA-CA.crt 
 
Within the extensions tab the AIA has the following locations: 
 
C:\Windows\system32\CertSrv\CertEnroll\&lt;ServerDNSName&gt;_&lt;CaName&gt;&lt;Certificate Name&gt;.crt 
ldap:///CN=&lt;CATruncatedName&gt;&lt;CN=AIA,CN=Public Key Services,CN=services,&lt;ConfigurationContainer&gt;&lt;CAObjectClass&gt; 
<a href="http://pki.test.local/CertEnroll/" rel="ugc">http://pki.test.local/CertEnroll/</a>&lt;ServerDNSName&gt;_&lt;CAName&gt;&lt;CertificateName.crt&gt; 
 
However If i navigate to the Certenroll folder on the root server I can see the cert in there. I have attached snippets of a few screnngrabs showing the error, and the settings / troublseome cert. 
 
What am i missing? 
 
Thankyou, 
Paul
</div>
</div>

Hi All,

I am setting up a 2 tier PKI environemnt with two server core 2016 servers following this guide. https://www.petenetlive.com/KB/Article/0001312

I have more or less got it up and running but I am hitting a snag with the AIA location for the offline ROOTCA. Within pkiview (from the management pc) it tells me it cannot download the file: ////TEST-ROOTCA_TEST-ROOTCA-CA.crt 

Within the extensions tab the AIA has the following locations:

C:\Windows\system32\CertSrv\CertEnroll\<ServerDNSName>_<CaName><Certificate Name>.crt
ldap:///CN=<CATruncatedName><CN=AIA,CN=Public Key Services,CN=services,<ConfigurationContainer><CAObjectClass>
http://pki.test.local/CertEnroll/<ServerDNSName>_<CAName><CertificateName.crt>

However If i navigate to the Certenroll folder on the root server I can see the cert in there. I have attached snippets of a few screnngrabs showing the error, and the settings / troublseome cert.

What am i missing?

Thankyou,
Paul

Certificate Services AIA Location error

Windows 10 is a personal computer operating system featuring the "universal application architecture" (UAP); apps can be designed to run across multiple devices with nearly identical code, including PCs, tablets, smartphones, embedded systems, Xbox One, Surface Hub and HoloLens. Windows 10 also includes a virtual desktop system, a window and desktop management feature called Task View, the Microsoft Edge web browser, support for fingerprint and face recognition login, voice-based search (Cortana), new security features for enterprise environments, and DirectX 12 and WDDM 2.0 to improve the operating system's graphics capabilities for games.

Windows 10

Microsoft Azure is a cloud computing platform and infrastructure for building, deploying and managing applications and services through datacenters. It provides both platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) services and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems. Cloud Services is a PaaS environment and can be used to create scalable applications and services; there are specific software development kits (SDKs) provided by Microsoft for Python, Java, Node.js and .NET. Azure also has file and storage services, data management, analytics and DNS services.

Azure

Windows Server 2016 is the successor to Windows Server 2012 R2. Built upon the same core code as Windows 10, Windows Server 2016 brings enhancements in security, servicing, and connectivity. A particular focus on this release was hybrid-cloud scenarios, and has close ties to Azure and other Microsoft cloud initiatives. This does not detract from the many improvements that are available for on-premises-only deployments

Windows Server 2016 comes in Datacenter, Standard, and Essentials editions, and for servicing, has adopted windows 10's cumulative model. The new nano-server install is designed to be remotely managed and is designed to be kept current through continuous feature updates. The full GUI install operates similarly to windows 10's "Long Term Servicing Branch" (LTSB) model with cumulative security updates.

Windows Server 2016 has also shifted from a per-processor-and-CAL licensing model to a per-core-and CAL licensing model. This brings Windows Server's licensing more in line with Microsoft's other products and makes hybrid-cloud license planning easier as well.