|
Posted by Brian Komar \(MVP\) on August 27, 2008, 11:52 pm
If you were Registered and logged in, you could reply and use other advanced thread options
You can select the publication point, but:
1) You must manual configure the LDAP path DSConfigDN where you define the
%6 value to the Configuration naming context
2) you must manually publish the CRL to the CDP location (and AIA if
defined) using certutil -dspublish
The standalone subordinate will not be able to get the CRl from the LDAP
path (if you use defaults)
the standalone has no idea about DCs and cannot resolve an LDAP:/// path to
be the nearest DC
So you must manually inject the updated root CRL into the cache by using
certutil -addstore root rootcrl.crl
Brian
> When setting up a standalone CA on Server 2003 Standard you can select the
> LDAP CRL publish location but since it is not an Enterprise CA does it
> still
> publish the CRL into Active directory?
>
> Reason I ask is I created a Root CA standlone on a Server 2003 standard
> domain member. Then created a standalone subordinate on Server 2003
> standard
> domain member and it complained about not being able to check the CRL when
> I
> grabed the cert from the Root. I understood this meant either the CRL
> isnt
> publihsed or not reachable. Any ideas?
| 
XML site map