We are building a two tier 2012 R2 PKI with an offline stand alone Root CA and an online issuing CA.
Do we need to create a CAPolicy.inf file on the Root CA?
It is my understanding that one of the reasons for that file is to prevent the creation of CDP and AIA distribution points on that local machine ie the offline Root CA.
I know back in the day when we built our 2003 servers we had one, but has nothing changed in the last decade? Is there a wizard we can use instead to tell the configuration not to configure those local distribution points?
So please advise if the CAPolicy.inf file is still prevalent?