Historical Content Alert

This is a historical content for Windows 2000 product and is presented for informative purposes only. All content on this page is copyrighted and owned by Microsoft.

Comments by Vadims Podāns:

06.04.2022: %7 variable in CDP/AIA extension truncates the CA name string to 51 character, not 32. Source: [MS-WCCE] §3.1.1.4.1.1.


To specify CA certificate access points in issued certificates

  1. Log on to the system as an Administrator.
  2. Open Certification Authority.
  3. In the console tree, click the name of the certification authority (CA).

     

    • Certification Authority (computer)
    • CA name
  4. On the Action menu, click Properties.
  5. On the Policy Module tab, click Configure
  6. On the X.509 extensions tab, under Authority Information Access, specify the locations from which users can obtain the certificate for this CA.
    To Do this
    Add a URL that will be published as part of any certificate issued by a CA. Click Add, then type a URL where users can obtain the CA's certificate.
    Remove an authority information URL from the list on issued certificates. Click the URL and then click Remove.
    Indicate that that you do not want to use a URL as an authority information access point in certificates without removing it from the list. Clear the URL's check box.
    Indicate that a URL can now be used as an authority information access point. Select the URL's check box.
  7. Stop and restart the Certificate Services service.

Notes

  • To open Certification Authority, click Start, point to Programs, point to Administrative Tools, and then click Certification Authority.
  • Authority information access URLs can be either HTTP, FTP, LDAP, or FILE addresses. You can use the following variables when specifying the address of the authority information access point:

    Variable Value
    %1 The DNS name of the certification authority server
    %2 The NetBIOS name of the certification authority server
    %3 The name of the certification authority
    %4 The renewal extension of the certification authority
    %5 The location of the domain root in Active Directory
    %6 The location of the configuration container in Active Directory
    %7 The "sanitized" name of the certification authority, truncated to 32 characters with a hash on the end
  • To stop and restart the Certificate Services service, see Related Topics.

Share this article: