I have a two-tier PKI setup: offline root and an issuing CA joined to the AD domain.
When I open Enterprise PKI everything is OK except for the HTTP CDP and AIA locations. They all say "Unable to Download".
All LDAP locations report OK, and issuing and root certificates show OK.
I copy the URL for the AIA and CDP HTTP locations into a browser and they download without issue.
I also ran certutil -verify -urlfetch for the .crt file and received this output:
Verified "Certificate (0)" Time: 0
    [0.0] ldap:///<removedforprivacy>?cACertificate?base?objectClass=certificationAuthority

Failed "AIA" Time: 0
    Error retrieving URL: The server name or address could not be resolved 0x80072ee7 (WIN32: 12007)
    http://www.domainname.com/Certdata/rootca.crt

---------------- Certificate CDP ----------------
Verified "Base CRL (0a)" Time: 0
    [0.0] ldap:///CN=<removedforprivacy>?certificateRevocationList?base?objectClass=cRLDistributionPoint

Failed "CDP" Time: 0
    Error retrieving URL: The server name or address could not be resolved 0x80072ee7 (WIN32: 12007)
    http://www.domainname.com/Certdata/rootca.crl
I can't figure out why it can't see those files over HTTP. They are definitely there. Does anyone know what else I can check?