Automate CDP/AIA publication/distribution
How do I automate the publication/distribution of the CRL/DeltaCRL & AIA to an http location that is not the local CA?
Enterprise Issuing CA - ServerA
certutil -setreg CA\CRLPublicationURLs "65:%windir%\system32\CertSrv\CertEnroll\%3%8%9.crl\n6:http://<serverB>.<internaldomain>.com/CertData/%3%8%9.crl\n79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10"
certutil -setreg CA\CACertPublicationURLs "1:%windir%\system32\CertSrv\CertEnroll\%1_%3%4.crt\n2:http://<serverB>.<internaldomain>.com/CertData/%1_%3%4.crt\n3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11"
ServerB is internal web farm. How can I automate CRL/DeltaCRL & AIA distribution/publication to this server?
Thanks,
Paul
May 10th, 2011 6:57pm
One way is to do a scheduled task that runs at the base and delta crl intervals:
1) Base cRL
certutil -crl
timeout /t 5
copy /y %windir%\system32\certsrv\certenroll\*.cr? \\serverb\share
2) Delta cRL
certutil -crl delta
timeout /t 5
copy /y %windir%\system32\certsrv\certenroll\*.cr? \\serverb\share
You can replace the copy command with any transfer protocol you like (depending on OS/firewalls, etc)
Brian
May 10th, 2011 7:10pm
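The scheduled-task approach above, written out as a PowerShell script. This is an added example, not Brian's or Paul's code and not part of the original thread: it publishes the CRL with certutil, mirrors the CertEnroll files to the web farm, and then adds the two checks a PKI admin wants before trusting the HTTP CDP/AIA (the copy on the share matches the CA's file by hash, and the file served at the HTTP URL matches too). The UNC path \\serverB\CertData$, the script name Publish-CaCrl.ps1 and the task intervals are assumptions; it needs PowerShell 4 or later on the CA for Get-FileHash and the ScheduledTasks module.

```powershell
<#
  Added example, not from the original thread. Assumed names:
    \\serverB\CertData$   UNC path behind http://serverB.internaldomain.com/CertData/
    Publish-CaCrl.ps1     the file name this script is saved under on the CA
#>
param(
    [ValidateSet('Base', 'Delta')] [string] $Type = 'Base',
    [string] $Destination = '\\serverB\CertData$',
    [string] $HttpBase    = 'http://serverB.internaldomain.com/CertData',
    [switch] $Register
)
$ErrorActionPreference = 'Stop'
$certEnroll = Join-Path $env:windir 'System32\CertSrv\CertEnroll'

if ($Register) {
    # Register two tasks that call this script as SYSTEM. The intervals are
    # assumptions; align them with CA\CRLPeriod and CA\CRLDeltaPeriod on the CA.
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    $tasks = @(
        @{ Name = 'Base';  Trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '01:00' },
        @{ Name = 'Delta'; Trigger = New-ScheduledTaskTrigger -Daily -At '01:15' }
    )
    foreach ($t in $tasks) {
        $action = New-ScheduledTaskAction -Execute 'powershell.exe' `
            -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" -Type $($t.Name)"
        Register-ScheduledTask -TaskName "Publish CRL ($($t.Name))" -Action $action `
            -Trigger $t.Trigger -Principal $principal -Force | Out-Null
    }
    return
}

# 1. Have the CA issue a fresh CRL. 'certutil -crl' writes a new base CRL (and a
#    new delta if delta CRLs are enabled) into CertEnroll; 'certutil -crl delta'
#    writes only a new delta CRL.
$crlArgs = if ($Type -eq 'Delta') { @('-crl', 'delta') } else { @('-crl') }
& certutil.exe @crlArgs | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil -crl exited with code $LASTEXITCODE" }

# 2. Mirror the CRL files (base and delta) and the CA certificate (AIA) to the
#    web share, and verify each copy by hash instead of trusting the copy alone.
$files = Get-ChildItem -Path $certEnroll -File | Where-Object { $_.Extension -in '.crl', '.crt' }
foreach ($f in $files) {
    $target = Join-Path $Destination $f.Name
    Copy-Item -Path $f.FullName -Destination $target -Force
    if ((Get-FileHash $f.FullName).Hash -ne (Get-FileHash $target).Hash) {
        throw "Copy of $($f.Name) on $Destination does not match the CA's file"
    }
}

# 3. Fetch each file back over HTTP the way a relying client would and compare
#    again. This catches a wrong virtual directory, a stale cache, or the IIS
#    request-filtering rule that rejects the '+' in delta CRL file names.
$tmp = Join-Path $env:TEMP 'crlcheck.bin'
foreach ($f in $files) {
    Invoke-WebRequest -Uri "$HttpBase/$($f.Name)" -OutFile $tmp -UseBasicParsing
    if ((Get-FileHash $tmp).Hash -ne (Get-FileHash $f.FullName).Hash) {
        throw "$HttpBase/$($f.Name) does not serve the file the CA just published"
    }
}
Remove-Item $tmp -ErrorAction SilentlyContinue
Write-Output "$Type CRL published and verified at $HttpBase"
```

Run `.\Publish-CaCrl.ps1 -Register` once from an elevated prompt on the CA to create the two tasks; afterwards each task runs `-Type Base` or `-Type Delta` on its schedule. Because the tasks run as SYSTEM, the share on serverB has to grant the CA's computer account modify rights. Two caveats for the web side: the task interval must be shorter than the CRL validity (otherwise clients see an expired CRL before the next copy lands), and the delta CRL file name contains a `+`, which IIS request filtering rejects by default, so the CertData directory needs `allowDoubleEscaping="true"` for the delta URL in the CDP extension to resolve.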