I corrected my CDP/AIA points on RootCA (so it is correct for the chain)
I re-newed SubCA certificate (now I have 2 certificated in properties, one "old" with wrong CDP/AIA & one "new" with correct points as per:
http://technet.microsoft.com/en-us/library/cc776691(v=ws.10).aspx
But on the clients SubCA Intermediate (issuung) CA certificate is still the old one.
I only done GPO (as per book) for RootCA.cer only
Where does the SubCA certificate comes from to the clients machines ? (not from GPO - it it from AD)
And how do I change it for the "new" certificate with correct CDP/AIA
Am I supposed to revoke the "old" SubCA certificate?
Seb