Hi everyone,
I have a question regarding a two-tier CA.
My scenario:
Offline root CA - Windows Srv 2012 Standard version (no member srv, no AD)
Sub CA - Windows Srv 2012 Datacenter (member server) with IIS for CDP
Target: client certificates for 802.1x authentication
So, I read everywhere that it is recommended that the root cert have no CDP entry.
To my understanding, every certificate has its own CRL for revocation checking.
When my root cert has no CDP then I can't revoke the sub CA, is this correct?
After installing my offline root CA (with capolicy.inf) I configured my CDP to an HTTP address, but where is this information in the certificate?
Thx for help!