It's been stated that the CDP and AIA location order is important, that generally speaking an HTTP location should be listed first so that non-Microsoft clients can find them. When using a certutil post script, is the order listed the order they will be in the issued certificates? In the below examples will the CDP/AIA attributes have the ldap location before the http location? certutil -setreg CA\CRLPublicationURLs "1:%windir%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n10:ldap:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,%%6%%10\n 2:http://www.fabrikam.com/Certdata/ %%3%%8%%9.crl" certutil -setreg CA\CACertPublicationURLs "1:%windir%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:ldap:///CN=%%7,CN=AIA,CN=Public Key Services,CN=Services,%%6%%11\n 2:http://www.fabrikam.com/CertData/%%1_%%3%%4.crt" Thanks! PaulT15

yes. Certutil maintains the same URL order as specified in the arguments. Thus in this example the first URL will be LDAP and then HTTP.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com