Changes to Certification Authority 2012 CDP and AIA paths?


Hi

For a customer I deployed a new PKI based on Windows Server 2012 since the old one was toasted. Anyway, rather quick and easy as it is a small environment.

One of the services that required certificates is the VMware environment they are using. When trying to install the certificates to the keystore in Java using keytool it fails. As far as I can understand, it fails due to the fact that there are spaces in the LDAP path for "CN=Public Key Services".

Comparing to a 2008R2 CA, the registry shows the same path as on a Server 2012 but in the CA properties/extensions in the MMC and on the generated certs, the space has been substituted for "%20", like this "CN=Public%20Key%20Services".

The error message received is (repeated for root cert and both CDP and AIA):

Unparseable AuthorityInfoAccess extension due to java.io.IOException: invalid URI name:ldap:///CN=MyFancyRootCA,CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=mydomain,DC=net?cACertificate?base?objectClass=certificationAuthority

Names obviously changed but do not contain spaces. Tried to remove the LDAP URL from the issued certificates but that only moved the issue to the enterprise and root certificates.

Researching this, it seems like it should work but it fails with the above error message. Of course, when looking at this from a Windows host, everything is fine and the Enterprise PKI snap-in reports everything as working.

Any hints or ideas are appreciated.

/Anders


Hth, Anders Janson Enfo Zipper
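
The parsing failure described in the post above can be checked outside keytool with the standard Java URI parser. This is an added example, not part of the original post: it assumes the rejection comes from strict URI parsing as done by java.net.URI, and the class name CaUrlCheck, its helper methods and the sample URL (modelled on the one in the error message) are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Hypothetical helper (not from the post): checks CDP/AIA URLs with java.net.URI.
public class CaUrlCheck {

    // Returns null if the URL parses, otherwise the parser's reason and position.
    static String reject(String url) {
        try {
            new URI(url);
            return null;
        } catch (URISyntaxException e) {
            return e.getReason() + " at index " + e.getIndex();
        }
    }

    // Percent-encodes literal spaces only; other characters are left untouched.
    static String escapeSpaces(String url) {
        return url.replace(" ", "%20");
    }

    public static void main(String[] args) {
        // Constructed sample modelled on the URL in the error message.
        String aia = "ldap:///CN=MyFancyRootCA,CN=AIA,CN=Public Key Services,"
                + "CN=Services,CN=Configuration,DC=mydomain,DC=net"
                + "?cACertificate?base?objectClass=certificationAuthority";
        // Real URLs can be passed as arguments instead of the sample.
        String[] urls = args.length > 0 ? args : new String[] { aia };

        for (String u : urls) {
            String why = reject(u);
            if (why == null) {
                System.out.println("OK      " + u);
                continue;
            }
            System.out.println("REJECT  " + u);
            System.out.println("        " + why);
            String fixed = escapeSpaces(u);
            System.out.println("        with %20: "
                    + (reject(fixed) == null ? "parses" : reject(fixed)));
        }
    }
}
```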

