How to change default CertEnroll folder in Certificate Services (is this a bug?)
Hello,
I am running a Windows server 2008 R2 Certificate Services standalone Root CA in my lab.
I am trying to change the default folder where CA certificates are published, from C:\windows\system32\certsrv\certenroll to C:\CertAuth\CertEnroll.
Using the CA user interface, I deleted the default AIA path and inserted the one with the new local path, but when I renew the certificate (with rekey), the new certificate is still written in the old (default) path, with the old (default) name template.
I also noticed that the CACertPublicationURLs value looks incorrect: it has value
0:C:\CertAuth\CertEnroll\%3%4.crt
where I would expect
1:C:\CertAuth\CertEnroll\%3%4.crt
Is this a bug?
The same does NOT happen with the CRLs, which are published correctly in the new folder only, and the CRLPublicationURLs value is
1:C:\CertAuth\CertEnroll\%3%8.crl
So, how can I change the CertEnroll folder?
Thank you
September 8th, 2011 7:03pm
you can't change default path to publish CA certificate. It is no longer supported. However custom CRL publishing paths are supported. You need to manually (or automate by using custom scripts) copy CA certificate to custom folder.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
September 8th, 2011 9:10pm
Thank you, Vadims, clearly it is as you have written.
I simply cannot understand why they decided to drop this feature, and why they left it available at the user interface; you know if there is any MS official statement about that?
September 13th, 2011 4:50pm
I don't know why, sorry.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
September 14th, 2011 5:33pm