
revoked subCA PKIView error


Hi all,

I have a 2-tier PKI hierarchy as below:

Offline RootCA=RootCA

Old SubCA=Hyperv1

New SubCA=DC

So what I did can be summarized as below:

1. Built a new SubCA server called DC

2. Submitted the new SubCA request

3. Revoked the old SubCA on RootCA

4. Changed the CDP and AIA locations on RootCA

5. Re-published the CRL

6. Cleaned up the objects by following http://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx

Now the new SubCA has started issuing new certificates without any problem, but the problem is that when I open pkiview, I can see the old CDP and AIA are still there, saying "unable to download".

I've waited for a week to let the exchange-ca certificate be re-issued, but it is still the same.

If I run the command certutil -getreg ca\CRLPublicationURLs, I can get all the new CDP and AIA locations.

Did I miss some steps? Why can I still see the old CDP and AIA locations in pkiview?



Ricky's Blog


