
Server 2012 Three Tier PKI Deployment


Hi

I've been test building this on the bench prior to deployment.

I have:

1x Offline Root CA
1x Online Intermediate Subordinate Enterprise CA
2x Issuing Enterprise Subordinate Enterprise CAs
1x Issuing Enterprise Subordinate Enterprise CA (will be in a trusted domain in the DMZ) (seeded from the Intermediate)
1x Web server providing CRL/AIA/OCSP

I've got it all up and working, but if I look in the Enterprise PKI console I've got an error on my Offline Root.

Fair enough, I've checked in ADSIEdit and that path does not exist (probably because it's an offline root CA and not a domain member!)

I'm pretty certain that it's there because, (post setup) I ran the following commands on the root CA:

Certutil -setreg CA\CACertPublicationURLs "1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt\n2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11\n2:http://pki.group.homeg.com/pki/%1_%3%4.crt"

Certutil -setreg CA\CRLPublicationURLs "1:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl\n10:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10\n2:http://pki.group.homeg.com/pki/%3%8%9.crl"

I'm assuming the second command above is the cause of the problem? (please confirm).

So my question is, should I NOT have done that? (had the ldap path in the CDP locations)? or should it be there and the error is normal and safe to ignore? If it should NOT have been there, what is the correct syntax that I should have used?

Regards,

Pete

www.petenetlive.com 


Regards Pete Long http://www.petenetlive.com
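The two certutil strings in the post encode each publication location as "flags:URL" entries separated by a literal \n, and the numeric prefix is a bitmask whose meaning differs between CACertPublicationURLs and CRLPublicationURLs. The decoder below is an added example (not from the post, and not Microsoft's code) that splits the page's two strings, names each flag bit using the values documented for certutil -setreg, and expands the %N tokens with constructed sample values for a hypothetical root CA called Root-CA on a host called rootca. Run against the CRL string it shows that the ldap entry carries 2+8 (include in the CDP of issued certificates, and include in all CRLs as the manual AD publication target) but not bit 1, so the CA itself never writes that location; the sample token values, the host name and the CA name are assumptions.

```python
import re

# Flag bits for CA\CACertPublicationURLs, as documented for certutil -setreg.
AIA_FLAGS = {
    1: "publish CA certificate to this location",
    2: "include in the AIA extension of issued certificates",
    32: "include in the OCSP extension of issued certificates",
}

# Flag bits for CA\CRLPublicationURLs, as documented for certutil -setreg.
CDP_FLAGS = {
    1: "publish CRLs to this location",
    2: "include in the CDP extension of issued certificates",
    4: "include in CRLs (clients use it to find delta CRLs)",
    8: "include in all CRLs; where to publish in AD DS when publishing manually",
    64: "publish delta CRLs to this location",
    128: "include in the IDP extension of issued CRLs",
}

# Constructed substitution values for a hypothetical offline root "Root-CA" on
# host "rootca" (assumption); the token numbers are certutil's own.
SAMPLE_TOKENS = {
    "1": "rootca",                                       # ServerDNSName
    "2": "rootca",                                       # ServerShortName
    "3": "Root-CA",                                      # CaName
    "4": "",                                             # CertificateName (first cert)
    "6": "CN=Configuration,DC=group,DC=homeg,DC=com",    # ConfigurationContainer
    "7": "Root-CA",                                      # CATruncatedName
    "8": "",                                             # CRLNameSuffix (base CRL)
    "9": "",                                             # DeltaCRLAllowed
    "10": "?certificateRevocationList?base?objectClass=cRLDistributionPoint",  # CDPObjectClass
    "11": "?cACertificate?base?objectClass=certificationAuthority",            # CAObjectClass
}

# The two registry strings exactly as given in the post (raw strings keep the literal \n).
CACERT_URLS = (
    r"1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt"
    r"\n2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11"
    r"\n2:http://pki.group.homeg.com/pki/%1_%3%4.crt"
)
CRL_URLS = (
    r"1:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl"
    r"\n10:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10"
    r"\n2:http://pki.group.homeg.com/pki/%3%8%9.crl"
)


def expand(url, tokens):
    """Substitute certutil %N tokens; tokens not in the table are left as-is."""
    return re.sub(r"%(\d+)", lambda m: tokens.get(m.group(1), m.group(0)), url)


def scheme_of(url):
    """Classify a location: Windows drive paths are 'file', otherwise the URL scheme."""
    if re.match(r"^[A-Za-z]:\\", url):
        return "file"
    return url.split(":", 1)[0].lower()


def parse_publication_urls(value, table):
    """Split a CACertPublicationURLs/CRLPublicationURLs string into decoded entries."""
    known = sum(table)
    entries = []
    for item in value.split("\\n"):          # certutil uses a literal \n as separator
        flag_text, url = item.split(":", 1)
        flags = int(flag_text)
        entries.append({
            "flags": flags,
            "url": url,
            "scheme": scheme_of(url),
            "meaning": [text for bit, text in table.items() if flags & bit],
            "unknown_bits": flags & ~known,  # non-zero means a bit the table does not know
        })
    return entries


def ldap_entries_not_self_published(value, table):
    """ldap:/// locations the CA is told to reference but not to publish to itself (bit 1 clear)."""
    return [e for e in parse_publication_urls(value, table)
            if e["scheme"] == "ldap" and not e["flags"] & 1]


if __name__ == "__main__":
    for name, value, table in (("CACertPublicationURLs", CACERT_URLS, AIA_FLAGS),
                               ("CRLPublicationURLs", CRL_URLS, CDP_FLAGS)):
        print(name)
        for e in parse_publication_urls(value, table):
            print(f"  {e['flags']:>3} {e['scheme']:<5} {expand(e['url'], SAMPLE_TOKENS)}")
            for text in e["meaning"]:
                print(f"        - {text}")
```

Feed the script your own registry strings (certutil -getreg CA\CRLPublicationURLs prints them) to confirm which locations the CA will publish to on its own and which it merely advertises in certificates and CRLs.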

