CDP AIA order
It's been stated that the CDP and AIA location order is important, that generally speaking an HTTP location should be listed first so that non-Microsoft clients can find them. When using a certutil post script, is the order listed the order they
will be in the issued certificates? In the below examples will the CDP/AIA attributes have the ldap location before the http location?
certutil -setreg CA\CRLPublicationURLs "1:%windir%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n10:ldap:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,%%6%%10\n
2:http://www.fabrikam.com/Certdata/ %%3%%8%%9.crl"
certutil -setreg CA\CACertPublicationURLs "1:%windir%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:ldap:///CN=%%7,CN=AIA,CN=Public Key Services,CN=Services,%%6%%11\n
2:http://www.fabrikam.com/CertData/%%1_%%3%%4.crt"
Thanks!
PaulT15
May 6th, 2011 10:13am
yes. Certutil maintains the same URL order as specified in the arguments. Thus in this example the first URL will be LDAP and then HTTP.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Free Windows Admin Tool Kit Click here and download it now
May 6th, 2011 11:24am