Channel: Security forum

Should I Rename Root & Issuing CA Certificates Listed In The AIA

I am implementing a PKI solution that will only be used internally (for now).  I have designed the solution so the AIA is only using http, to allow for any potential future requirement for clients external to the forest to access the system.

I am debating whether I should rename the path listed in the AIA extension from <ServerDNSName>_<CaName><CertificateName>.crt to just <CaName><CertificateName>.crt. I understand the benefits in hiding the server name from being listed in any issued certificates, but am unclear on what drawbacks there would be, if any, in this approach. Is anyone using this method to further secure ADCS?

The drawback I see is that if the crt file with the default naming convention does not exist, it is recreated the next time the ADCS service starts.

I should add that the environment I am implementing this solution in is secured from the rest of our estate.

Thanks

Darren
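
The change described in the post, written out as an added example (not part of the original post, and not Microsoft's own script): the HTTP AIA URL drops the `<ServerDNSName>_` prefix, while the locally written file keeps its default name and is copied to the web location under the short name. The web host name, the share path and the default CertEnroll folder are assumptions.

```powershell
# Added example. Hypothetical values: web host name and publish share.
$certEnroll = Join-Path $env:SystemRoot 'System32\CertSrv\CertEnroll'
$publishDir = '\\web01.example.internal\pki'              # hypothetical share behind the HTTP site
$aiaUrl     = 'http://pki.example.internal/pki/%3%4.crt'  # %3 = <CaName>, %4 = <CertificateName>

# Record the current value first so it can be restored if needed.
certutil -getreg CA\CACertPublicationURLs

# Entries are separated by a literal \n. Flag prefixes:
#   1: the CA writes its certificate to this local path (%1 = <ServerDNSName>,
#      left at the default name here)
#   2: the URL is placed in the AIA extension of certificates issued from now on
certutil -setreg CA\CACertPublicationURLs "1:$certEnroll\%1_%3%4.crt\n2:$aiaUrl"

# The new value is read when the CA service starts.
Restart-Service -Name CertSvc

# Copy each CA certificate to the web share without the "<ServerDNSName>_" prefix.
# DNS host names do not contain underscores, so everything up to the first
# underscore is the server name; a file without an underscore is copied unchanged.
Get-ChildItem -Path $certEnroll -Filter '*.crt' | ForEach-Object {
    $shortName = $_.Name -replace '^[^_]+_', ''
    Copy-Item -Path $_.FullName -Destination (Join-Path $publishDir $shortName) -Force
}

# Confirm the stored value.
certutil -getreg CA\CACertPublicationURLs
```

Certificates issued before the change keep the AIA URL they were issued with, so the old file name has to stay reachable for as long as those certificates are in use.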