hello ,
i have configured 2 teir hirarchy in my organization and seems to be working fine as clients started connecting to the domain controller and they are getting the correct certificates
however when i tried to run the verification command to verfiy that my certificate is correct i got the below results :
Template: SubCA
c6 6a fe 6e 90 b8 28 69 76 11 3d fe c6 ee 54 9f e0 67 27 67
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
---------------- Certificate AIA ----------------
Failed "AIA" Time: 0
Error retrieving URL: The request is not supported. 0x80070032 (WIN32: 50)
file://RootCA/CertEnroll/RootCA_Root Certification Authority.crt
---------------- Certificate CDP ----------------
Failed "CDP" Time: 0
Error retrieving URL: The request is not supported. 0x80070032 (WIN32: 50)
file://RootCA/CertEnroll/Root Certification Authority.crl
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
--------------------------------
ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocat
ion server was offline. 0x80092013 (-2146885613)
CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
CertUtil: -verify command completed successfully.
any one tell me if my certificate setups is correct ?