Enterprise PKI
Hey Guys,
I'm setting up a 2008 R2 PKI with an offline root and an online enterprise CA. I've pretty much got it working but I'm having three problems.
I'm verifying the setup with the pkiview.msc tool and it's giving me the error:
AIA Location #2 Unable to Download http://server.domain.com/CertEnroll/xxx.crt
DeltaCRL Location #2 Unable to Download http://server.domain.com/CertEnroll/xxx.crt
CDP Location #2 Unable to Download http://server.domain.com/CertEnroll/xxx.crt
Here is the output when run:
:\>certutil -getreg CA\CAcertpublicationURLs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\DC1\CACertPublicationURLs:
CACertPublicationURLs REG_MULTI_SZ =
0: 1:C:\WINDOWS\system32\CertSrv\CertEnroll\%1_%3%4.crt
CSURL_SERVERPUBLISH -- 1
1: 3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11
CSURL_SERVERPUBLISH -- 1
CSURL_ADDTOCERTCDP -- 2
2: 2:http://%1/CertEnroll/%1_%3%4.crt
CSURL_ADDTOCERTCDP -- 2
3: 0:file://\\%1\CertEnroll\%1_%3%4.crt
CertUtil: -getreg command completed successfully.
I have no idea how to fix those issues.
MCSE
May 28th, 2010 3:13am
Hi,
Please confirm where you ran the pkiview.msc tool and got the errors. Can you access the URL http://server.domain.com/CertEnroll/xxx.crt from the computer?
Normally, you will get the File Download prompt after you type the URL in the Internet Browser.
As it is a PKI issue, I’ve moved the thread to the Security Forum so that you can get more suggestions from other PKI experts.
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
May 31st, 2010 5:37am
One possibility:
When you run pkiview.msc from a computer, it runs as the local computer account when attempting to download HTTP URLs.
If you use a proxy server, then you must enable proxy access for the computer.
Use the netsh command to set the proxy server.
Brian
June 1st, 2010 4:36am
Hi,
How's everything going? Is there any update on the issue?
If you need further assistance, please do not hesitate to respond back.
This posting is provided "AS IS" with no warranties, and confers no rights.
June 7th, 2010 4:26am
The default web site is working fine. I don't have a proxy server. When I access the URL
http://server.domain.com/CertEnroll/xxx.crt
I get this error:
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Detailed Error Information
Module: IIS Web Core
Notification: MapRequestHandler
Handler: StaticFile
Error Code: 0x80070002
Requested URL: http://server.domain.com:80/CertEnroll/server.domain.COM_DC1.crt
Physical Path: C:\inetpub\wwwroot\CertEnroll\server.server.COM_server.crt
Logon Method: Anonymous
Logon User: Anonymous
MCSE
June 8th, 2010 9:30am
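
Added example, not part of any post in this thread: a short Python script that decodes the `CACertPublicationURLs` entries from the certutil output in the first post, showing which locations the CA writes its certificate to (flag 1) and which URLs are placed in issued certificates (flag 2). The token values in `TOKENS` are assumptions taken from the names visible in the thread (`server.domain.com`, `DC1`), and the helper function names are hypothetical.

```python
import ntpath
import re

# Flag names exactly as certutil prints them in the thread's output.
FLAGS = {1: "CSURL_SERVERPUBLISH", 2: "CSURL_ADDTOCERTCDP"}

# CACertPublicationURLs entries copied from the certutil -getreg output above.
ENTRIES = [
    r"1:C:\WINDOWS\system32\CertSrv\CertEnroll\%1_%3%4.crt",
    "3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11",
    "2:http://%1/CertEnroll/%1_%3%4.crt",
    r"0:file://\\%1\CertEnroll\%1_%3%4.crt",
]

# Assumed token values: %1 = CA server DNS name, %3 = CA name,
# %4 = certificate name suffix (empty until the CA certificate is renewed).
TOKENS = {"1": "server.domain.com", "3": "DC1", "4": ""}


def parse_entry(entry):
    """Split '<flags>:<template>' and name the flag bits that are set."""
    flags, template = entry.split(":", 1)
    bits = int(flags)
    return bits, [name for bit, name in FLAGS.items() if bits & bit], template


def expand(template, tokens):
    """Substitute %N tokens with known values; unknown tokens stay as-is."""
    return re.sub(r"%(\d+)", lambda m: tokens.get(m.group(1), m.group(0)), template)


def http_vs_local(entries, tokens):
    """Pair each HTTP URL placed in issued certificates with the local file
    the CA writes under the same file name."""
    local, http = [], []
    for entry in entries:
        bits, _, template = parse_entry(entry)
        location = expand(template, tokens)
        if bits & 1 and re.match(r"[A-Za-z]:\\", location):
            local.append(location)
        if bits & 2 and location.lower().startswith("http://"):
            http.append(location)
    return [(u, p) for u in http for p in local
            if u.rsplit("/", 1)[1].lower() == ntpath.basename(p).lower()]


if __name__ == "__main__":
    for url, path in http_vs_local(ENTRIES, TOKENS):
        print(f"{url}\n  is written by the CA to {ntpath.dirname(path)}")
```

The directory printed for the local file can be compared with the Physical Path in the IIS 404 detail; the HTTP URL resolves only if IIS serves the file from wherever the CA actually writes it.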