Hi all,
I have 2 tiers PKI hioricky as below:
Offline RootCA=RootCA
Old SubCA=Hyperv1
New SubCA=DC
So what I did can be summarized as below:
1. build a new SubCA server called DC
2. submit the new SubCA request
3. revoked the old SubCA on RootCA
4. change the CDP and AIA location on RootCA
5. re-publish the CRL
6. Clean up the object followed by http://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx
Now the new SubCA start issue out new certificate without any problem, but the problem is when i open pkiview, I can see the old CDP and AIA is still there and saying "unable to download"
I've wait for a week to let the exchange-ca certificate re-issued, but still the same
If i run command certutil -getreg ca\crlpublishcationurls, i can get all new CDP and AIA location
Did I missed some steps, why I can still can see the old CDP and AIA location in pkiview