Channel: Security forum

Does my AIA CDP script locations formatting look OK?


In my CA policy for the root I do have the

[CRLDistributionPoint]
Empty=True

[AuthorityInformationAccess]
Empty=True

For the post scripts I have the following. I'm trying to make sure I have this correct and am not missing something, or have too many or not enough %'s, etc. I'm trying to not have the server names in my certs, as I currently do from using the default settings, and to make sure that I have the N numbers correct.

Root CA post script section
REM Set Variables
set WebServer=pki.domain.com
set WebDir=crl
set ShortCAName=DomainRootCA

REM Add CDP Locations
certutil -setreg CA\CRLPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%ShortCAName%%%3%%8%%9.crl\n2:http://%WebServer%/%WebDir%/%ShortCAName%%%8%%9.crl\n3:ldap:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,%%6%%10"

REM Add AIA Locations
certutil -setreg CA\CACertPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%ShortCAName%%%4.crt\n2:http://%WebServer%/%WebDir%/%ShortCAName%%%4.crt\n3:ldap:///CN=%%7,CN=AIA,CN=Public Key Services,CN=Services,%%6%%11"

Issuing CA post script section
REM Set Variables
set WebServer=pki.domain.com
set WebDir=crl
set ShortCAName=DomainRootCA

REM Add CDP Locations
certutil -setreg CA\CRLPublicationURLs "65:%windir%\system32\CertSrv\CertEnroll\%ShortCAName%%%3%%8%%9.crl\n6:http://%WebServer%/%WebDir%/%ShortCAName%%%8%%9.crl\n79:ldap:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,%%6%%10"

REM Add AIA Locations
certutil -setreg CA\CACertPublicationURLs "1:%windir%\system32\CertSrv\CertEnroll\%ShortCAName%%%4.crt\n2:http://%WebServer%/%WebDir%/%ShortCAName%%%3%%4.crt\n3:ldap:///CN=%%7,CN=AIA,CN=Public Key Services,CN=Services,%%6%%11"

Thx
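
Added example, not part of the original post: a Python sketch that decodes a value passed to `certutil -setreg CA\CRLPublicationURLs` the way the batch file and the CA would read it, applying the `%%` and `%VAR%` expansion, splitting the `\n`-separated entries, and naming the flag bits and `%N` tokens. The flag and token names follow the documented AD CS `CSURL_*` values and replacement tokens; the function names and the `WINDIR` value are assumptions made for the example.

```python
import re

# Numeric prefix bits (AD CS CSURL_* values). In CACertPublicationURLs, bit 2
# means "include in the AIA extension" and bit 32 "include in the OCSP extension".
FLAGS = {1: "SERVERPUBLISH", 2: "ADDTOCERTCDP", 4: "ADDTOFRESHESTCRL",
         8: "ADDTOCRLCDP", 16: "PUBLISHRETRY", 32: "ADDTOCERTOCSP",
         64: "SERVERPUBLISHDELTA", 128: "ADDTOIDP"}
# %N replacement tokens the CA expands when it builds the URL.
TOKENS = {1: "ServerDNSName", 2: "ServerShortName", 3: "CaName",
          4: "CertificateName", 6: "ConfigurationContainer",
          7: "CATruncatedName", 8: "CRLNameSuffix", 9: "DeltaCRLAllowed",
          10: "CDPObjectClass", 11: "CAObjectClass"}
IN_CERT = 2 | 32  # bits that write the URL into issued certificates

def batch_expand(text, env):
    """Mimic batch-file parsing: %% becomes %, %NAME% becomes its value."""
    env = {k.lower(): v for k, v in env.items()}
    def sub(m):
        return "%" if m.group(0) == "%%" else env.get(m.group(1).lower(), "")
    return re.sub(r"%%|%([A-Za-z_]\w*)%", sub, text)

def decode(setreg_value, env):
    """Decode each \\n-separated 'flags:url' entry of a publication URL value."""
    entries = []
    for item in batch_expand(setreg_value, env).split("\\n"):
        num, url = item.split(":", 1)
        flags = int(num)
        tokens = [TOKENS.get(int(n), "unknown") for n in re.findall(r"%(\d+)", url)]
        in_cert = bool(flags & IN_CERT)
        entries.append({
            "url": url, "tokens": tokens, "in_cert": in_cert,
            "flags": [name for bit, name in FLAGS.items() if flags & bit],
            # True when a URL embedded in certificates carries a server-name token
            "server_name_in_cert": in_cert and any(t.startswith("Server") for t in tokens),
        })
    return entries

# Issuing CA CDP value copied from the post; WINDIR value is constructed.
ENV = {"WINDIR": r"C:\Windows", "WebServer": "pki.domain.com",
       "WebDir": "crl", "ShortCAName": "DomainRootCA"}
ISSUING_CDP = (r"65:%windir%\system32\CertSrv\CertEnroll\%ShortCAName%%%3%%8%%9.crl"
               r"\n6:http://%WebServer%/%WebDir%/%ShortCAName%%%8%%9.crl"
               r"\n79:ldap:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,%%6%%10")

if __name__ == "__main__":
    for e in decode(ISSUING_CDP, ENV):
        print(e["flags"], e["url"], "server name in cert:", e["server_name_in_cert"])
```

Run on the issuing CA value from the post, the third entry decodes as an LDAP URL that is written into issued certificates and contains the `%2` (ServerShortName) token.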

