Hi,
I'm currently setting up a Root Certification Authority with CAPolicy.inf file and post installation script afterwards. I noticed, that with setting the CRL Distribution Points with "certutil -setreg CA\CRLPublicationURLs" the replacement tokens will not get properly resolved. In particular I used the following command via batch file to set a standard CRL Publication point:
certutil -setreg CA\CRLPublicationURLs "1:C:\Windows\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n2:http://pki.domain.de/root/RootCAv1%%8.crl"
The result I get when publishing a fresh CRL afterwards is that the "%3%8%9" characters are present instead of resolving "CaName" and other variables properly. If I insert the plain text replacement token similar to configuration via"certsrv.msc":
certutil -setreg CA\CRLPublicationURLs "1:C:\Windows\System32\CertSrv\CertEnroll\<CaName><CRLNameSuffix>.crl\n2:http://pki.domain.de/root/RootCAv1<CRLNameSuffix>.crl"
I get an error message telling me "The filename, directory name, or volume label syntax is incorrect. 0x8007007b (WIN32/HTTP: 123 ERROR_INVALID_NAME". I noticed that some *.tmp files are generated in the correct folder, so I assume the file location in general should be fine. Last but not least: if I set the CDP manually in "certsrv.msc", everything is working fine.
Thanks for any hint about that issue.