Re: Certificate Authority

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Steve Cook" <scook_nospam@xxxxxxxx>
Date: Tue, 28 Aug 2007 12:40:17 -0400

Microsoft Support provided the solution. On the CA properties Extensions tab
the CRL and Delta CRL were not flagged to be published to the CertEnroll
folder.

"Steve Cook" <scook_nospam@xxxxxxxx> wrote in message
news:OrbkB8c5HHA.2108@xxxxxxxxxxxxxxxxxxxxxxx

I have a stand-alone internal CA which appears to silently fail to publish
its revocation list. I can view revoked certificates and publishing either
new or delta produces no displayed or logged errors. However, the CRL is
empty and has an old timestamp. Can anybody give me pointers on how to
resolve this? This is a fully patched Windows 2003 workgroup server.

References:
- Certificate Authority
  - From: Steve Cook

Prev by Date: Re: Thanks
Next by Date: Re: Terminal Server logon problem
Previous by thread: Certificate Authority
Next by thread: New computer, several domain users, profile problems
Index(es):
- Date
- Thread

Relevant Pages

RE: Questions about new PKI infrastructure
... <RasmusRask> ... Do I only have to worry about CDP, AIA, key length and ... publishing interval for AIA had to be specified. ... Include in the CRL distribution point extension of issued certificates ...
(microsoft.public.windows.server.general)
Re: CRL Distribution Point on http://pki.companyname.com/certdata
... the CRL of the offline RootCA has to be published manually. ... this publishing works fine for LDAP publishing. ... not aware of an automated manner with an offline root, ...
(microsoft.public.security)
Re: CRL Distribution Point on http://pki.companyname.com/certdata
... Delta CRL: ... The account that runs the scheduled tasks must be ... this publishing works fine for LDAP publishing. ... not aware of an automated manner with an offline root, ...
(microsoft.public.security)
Re: CRL Distribution Point on http://pki.companyname.com/certdata
... Delta CRL: ... this publishing works fine for LDAP publishing. ... ..is an MCSE 2003 and MCDBA ... not aware of an automated manner with an offline root, ...
(microsoft.public.security)
Re: Base CRL OverIssuing and Delta CRL Conflicts
... the freshness of the CRL which is cached by a DC. ... publication of a base CRL I'd be extremely interested to learn. ... The D-CRL issue I raised is more difficult to explain... ... The big problem with your scenario is a misunderstanding on how a delta CRL is built. ...
(microsoft.public.windows.server.security)