Channel: Security forum

"CA certificate for this CRL has been revoked" error when checking CRL properties


Hi all, we have a 2-tier PKI hierarchy with an offline Root (2012) and an Enterprise Subordinate Issuing CA (2008r2).

We had to re-issue the certificate to the subordinate CA to include some new AIA details, and after this process we revoked the old subordinate CA cert from the root. When we issued the new certificate to the subordinate CA we republished the Root CA CRL and copied it to the relevant domain and published it successfully along with installing the new CA cert.

The issue now is that whenever I view the properties of the Revoked Certificates container in the Certification Authority console (of the subordinate CA), we get the message "CA certificate for this CRL has been revoked" with a key index of 0. No other entries exist for CRLs or Delta CRLs. Checking PKIVIEW shows no errors, and I can actually view the CRL file (although it doesn't look complete; it's missing quite a few revoked certificates in comparison to the Certification Authority console) and can also publish a new CRL without any errors.

No error messages in the event log either, and as far as I can tell everything else is working fine. I have my doubts as to whether revocation is working, though, due to this issue.

Any ideas? Thanks in advance.


