Enterprise PKIView not updating http CDP files
I have installed a new subordinate online enterprise issuing server (W2K8) in my CA infrastructure. I am able to publish cert and CRL files to my AD with no errors. I have copied cert and CRL files to my http server (unix). I have subsequently updated the CRL files in AD and copied the updated file to the http server.
When I view the status using PKIView, the CRL file in AD is always correct/OK but the CRL file on the http server shows as expired (in fact it shows the initial CRL that was uploaded to this server). I have to refresh this link 2 or 3 times to get it to correctly reflect the uploaded file (which I know is there), but sometimes it does not reflect the uploaded file at all and instead reflects the initial CRL file, which of course is expired.
It appears PKIView does not get its CRL info from the actual published http location every time I start the program. Would anyone know where PKIView (on W2K8) would get its CRL info in this circumstance?
Thanks
February 8th, 2011 8:28am
We also have PKIView running on a W2K3 server and this version does reflect the correct status of the CRL file - it seems the problem is just with the W2K8 version.
Does anybody know why PKIView on W2K8 may not always detect the latest CRL file uploaded to an http CDP?
Thanks again
Den
February 9th, 2011 6:35am
Try clicking File, Options, and in the opened dialog box click the Delete files button. This will delete the MMC snap-in related cache.
http://en-us.sysadmins.lv
February 9th, 2011 7:36am
Thanks for your reply Vadims
Unfortunately this has not resolved the issue.
I have noticed the following:
The latest CRL file has been uploaded to the http server and also published to ldap - this file expires on 19 Feb 2011
PKIView reports the CRL at ldap CDP location expires on 19 Feb 2011
PKIView reports the CRL at http CDP location expires on 11 Feb 2011
Copying the url from http CDP into my desktop browser shows a CRL which expires on 11 Feb 2011
Clicking refresh on the http CDP location occasionally brings up the correct expiration date (19 Feb 2011) but if I close PKIView and start it again it will report the incorrect date - 11 Feb 2011
Does PKIView use a cache?
Thanks
Dennis
February 9th, 2011 8:46am
Yes, PKIView uses an internal cache, but not for PKI files. Try rebooting this computer.
http://en-us.sysadmins.lv
February 9th, 2011 10:19am
Wait a second....
"Copying the url from http CDP into my desktop browser shows a CRL which expires on 11 Feb 2011"
If you copy the URL and it downloads a file that expires on Feb 11, 2011, then this is the correct file being downloaded.
This seems to be the issue. By any chance, is the HTTP server a cluster or multi-node and you missed copying the updated CRL to one or more locations?
Brian
February 9th, 2011 10:21am
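Added example (not part of the thread): a check for the situation raised in the last reply, where one copy of the CRL behind the HTTP CDP is older than the one published to LDAP. It reads thisUpdate/nextUpdate from each DER CRL copy and lists the sources that lag or have expired; the source names and sample CRLs are constructed, and fetching the bytes from each node is left to the caller.

```python
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18), both in Zulu form."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def crl_validity(der):
    """Return (thisUpdate, nextUpdate) from a DER CRL; nextUpdate may be None."""
    _, cert_list, _ = _tlv(der, 0)         # CertificateList
    _, tbs, _ = _tlv(cert_list, 0)         # TBSCertList
    tag, val, pos = _tlv(tbs, 0)
    if tag == 0x02:                        # optional version INTEGER
        tag, val, pos = _tlv(tbs, pos)     # now at signature AlgorithmIdentifier
    _, _, pos = _tlv(tbs, pos)             # skip issuer Name
    tag, val, pos = _tlv(tbs, pos)
    this_update, next_update = _time(tag, val), None
    if pos < len(tbs):
        tag, val, _ = _tlv(tbs, pos)
        if tag in (0x17, 0x18):
            next_update = _time(tag, val)
    return this_update, next_update

def stale_copies(copies, now):
    """copies: {source: DER bytes}. Sources that are expired or older than the newest copy."""
    parsed = {src: crl_validity(der) for src, der in copies.items()}
    newest = max(t for t, _ in parsed.values())
    return sorted(src for src, (t, n) in parsed.items()
                  if t < newest or (n is not None and n <= now))

def _enc(tag, content):                    # short-form DER encoder, sample data only
    return bytes([tag, len(content)]) + content

def sample_crl(this_update, next_update):
    """Constructed, unsigned CRL skeleton for offline use (not a real CRL)."""
    alg = _enc(0x30, bytes.fromhex("06092a864886f70d0101050500"))
    name = _enc(0x30, _enc(0x31, _enc(0x30, bytes.fromhex("0603550403") + _enc(0x0C, b"Test CA"))))
    tbs = _enc(0x30, _enc(0x02, b"\x01") + alg + name
               + _enc(0x17, this_update) + _enc(0x17, next_update))
    return _enc(0x30, tbs + alg + _enc(0x03, b"\x00\x00"))
```

Feed it the bytes downloaded from the LDAP CDP and from each HTTP node addressed directly; a node that appears in the result is still serving an earlier CRL even if that CRL has not yet expired.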


