Just wanted to share a scenario and get your expert opinion.
I have been working in a 2-tier topology having the root CA as stand alone office, while having the issuing CA as Enterprise Subordinate.
The default CDP & AIA URL locations appear to be a local file path in the subordinate CA certificate.
Having an SSL certificate issued for one of my webservers, it gives me an error while checking the chain of trust, since the root CA's CRL verification locations are not valid. Later I created new CDP & AIA location URLs on the ROOT CA pointing toward a shared folder on the Enterprise Subordinate CA, and reissued the certificate for the subordinate CA.
Now while executing "certutil -URL C:\SUB_CA_CERT\SUB-CA-Cert.crt" I get the "Failed" status against both CDP & AIA URL paths, whereas those paths are located on the same server under a shared directory and are accessible to all the Authenticated Users in my domain.
Any ideas or suggestions, please share. Thanks.
For CRL and CRT file retrieval only HTTP and LDAP protocols are supported. Absolute and UNC paths are allowed only for file publishing.
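A small check for the rule in the reply above, added here as an example and not part of the original thread: it pulls the CDP and AIA locations out of a certificate dump and reports which ones clients can retrieve and which are publish-only. The `URL=` line layout, the host names and the paths in the sample are constructed assumptions, and treating `file://` as a file path is also an assumption.

```python
import re
from urllib.parse import urlparse

# Protocols the reply above names as supported for CRL/CRT retrieval.
RETRIEVABLE = {"http", "ldap"}

def classify(location: str) -> str:
    """Return 'retrievable', 'publish-only' or 'other' for one CDP/AIA location."""
    loc = location.strip()
    # UNC path (\\server\share\...) or absolute drive path (C:\...):
    # usable by the CA for publishing, not by clients for retrieval.
    if loc.startswith("\\\\") or re.match(r"^[A-Za-z]:[\\/]", loc):
        return "publish-only"
    scheme = urlparse(loc).scheme.lower()
    if scheme == "file":  # assumption: a file:// URL is a file path in URL form
        return "publish-only"
    if scheme in RETRIEVABLE:
        return "retrievable"
    return "other"  # any protocol the reply does not list

def audit(dump: str) -> dict:
    """Map every 'URL=<location>' entry found in a certificate dump to its class."""
    return {loc: classify(loc) for loc in re.findall(r"URL=(\S+)", dump)}

def not_retrievable(dump: str) -> list:
    """Locations that a validating client cannot use to fetch the CRL or CRT."""
    return [loc for loc, kind in audit(dump).items() if kind != "retrievable"]

# Constructed sample: names and paths are placeholders, not taken from the thread.
SAMPLE_DUMP = r"""
CRL Distribution Points
    URL=file://\\SUBCA01\CertEnroll\RootCA.crl
    URL=http://pki.example.test/CertEnroll/RootCA.crl
Authority Information Access
    URL=\\SUBCA01\CertEnroll\RootCA.crt
    URL=ldap:///CN=RootCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=test?cACertificate?base?objectClass=certificationAuthority
"""

if __name__ == "__main__":
    for location, kind in audit(SAMPLE_DUMP).items():
        print(f"{kind:13} {location}")
```
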
THANK YOU!! I spent hours trolling the unhelpful Microsoft support pages. You have saved me!
....You may ask: where is this requirement described? I really don't know and there is no MSDN article that will describe this....
MSDN says that this parameter is a UNICODE string. That defines this requirement you stumbled upon. So, everything is documented correctly in MSDN.
© 2008 - 2019 - Sysadmins LV. All rights reserved