Can't find Published crl files and getting CDP Location Expired
Hi,
We have a Windows Server 2008 R2 Environment. Two domain controllers with two sites. One Windows Certificate Server as Enterprise PKI CA.
I have been testing this to do digital signatures with Adobe Acrobat and it was working fine for a while. Adobe could check the Revocation lists successfully. We recently noticed that this stopped working. So, I checked the CA server and I see the following:
CDP Location # 1 - "Expired"
DeltaCRL Location # 1 - "Expired"
OCSP Location # 1 - Error
I tried to manually publish a new CRL by right-clicking Revoked Certificates --> All Tasks --> Publish, but this didn't clear the problem.
I looked for the actual crl files under C:\Windows\System32\certsrv\CertEnroll and I see the expired crl files.... I tried moving them out temporarily and tried to publish them again but there were no new files in there?
So, where are the new published files going? I also right-clicked Revoked Certificates and clicked on the View CRLs tab. I see two "current" with a Publish Status of "OK"...
Please advise.
Thanks!
April 14th, 2011 12:47pm
Please check your application eventlog. There should be something related.
Also please post the following command output:
certutil -getreg ca\crlpublicationurls
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
April 14th, 2011 1:38pm
Ok I figured it out... when I was using the Step-by-Step Guide it said something about deleting the CDP... so I think that's what happened.
http://technet.microsoft.com/en-us/library/cc772393(WS.10).aspx#BKMK_BS3
So I just went back and added the following:
Right-clicked CA server name --> Properties --> Extensions
Select extension: CRL Distribution Point (CDP)
Added : C:\Windows\System32\certsrv\CertEnroll\<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl
Checked the following:
Publish CRLs to this location
Publish Delta CRLs to this location.
Rebooted just because.. everything is good now!
April 14th, 2011 2:14pm
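The certutil command requested above lists the CA's CRLPublicationURLs entries, each a numeric flag field followed by the location; the two boxes ticked in the fix correspond to flag bits 1 and 64. The PowerShell below is an added example, not part of the thread: it decodes such entries and warns when none is a publish target. The entries are constructed samples and the function names are hypothetical.

```powershell
# Flag bits that prefix each CRLPublicationURLs entry ("<flags>:<location>").
$CdpFlags = @(
    @{ Bit = 0x01; Name = 'Publish CRLs to this location' },
    @{ Bit = 0x02; Name = 'Include in the CDP extension of issued certificates' },
    @{ Bit = 0x04; Name = 'Include in CRLs (delta CRL locations)' },
    @{ Bit = 0x08; Name = 'Include in all CRLs (Active Directory)' },
    @{ Bit = 0x40; Name = 'Publish Delta CRLs to this location' },
    @{ Bit = 0x80; Name = 'Include in the IDP extension of issued CRLs' }
)

function ConvertFrom-CdpEntry {          # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Entry)
    if ($Entry -notmatch '^(\d+):(.+)$') { throw "Unrecognized CDP entry: $Entry" }
    $flags    = [int]$Matches[1]
    $location = $Matches[2]
    New-Object PSObject -Property @{
        Flags          = $flags
        Location       = $location
        PublishesBase  = [bool]($flags -band 0x01)
        PublishesDelta = [bool]($flags -band 0x40)
        Options        = @($CdpFlags | Where-Object { $flags -band $_.Bit } |
                           ForEach-Object { $_.Name })
    }
}

function Test-CdpPublication {           # hypothetical helper name
    param([string[]]$Entries)
    $parsed = @($Entries | ForEach-Object { ConvertFrom-CdpEntry $_ })
    foreach ($p in $parsed) {
        '{0,3}  {1}  [{2}]' -f $p.Flags, $p.Location, ($p.Options -join '; ')
    }
    if (-not ($parsed | Where-Object { $_.PublishesBase })) {
        Write-Warning 'No entry has "Publish CRLs to this location"; the CA has no location to write new base CRLs to.'
    }
    if (-not ($parsed | Where-Object { $_.PublishesDelta })) {
        Write-Warning 'No entry has "Publish Delta CRLs to this location".'
    }
}

# Constructed sample values (not taken from the thread).
# %3%8%9 is the stored form of <CAName><CRLNameSuffix><DeltaCRLAllowed>.
$withoutFileLocation = @('2:http://pki.example.com/CertEnroll/%3%8%9.crl')
$withFileLocation    = $withoutFileLocation +
    '65:C:\Windows\System32\certsrv\CertEnroll\%3%8%9.crl'   # 65 = 1 + 64

Test-CdpPublication $withoutFileLocation
Test-CdpPublication $withFileLocation
```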