Hello, I am running a Windows server 2008 R2 Certificate Services standalone Root CA in my lab. I am trying to change the default folder where CA certificates are published, from C:\windows\system32\certsrv\certenroll to C:\CertAuth\CertEnroll. Using the CA user interface, I deleted the default AIA path and inserted the one with the new local path, but when I renew the certificate (with rekey), the new certificate is still written in the old (default) path, with the old (default) name template. I also noticed that the CACertPublicationURLs value looks incorrect: it has value 0:C:\CertAuth\CertEnroll\%3%4.crt where I would expect 1:C:\CertAuth\CertEnroll\%3%4.crt Is this a bug? The same does NOT happen with the CRLs, which are published correctly in the new folder only, and the CRLPublicationURLs value is 1:C:\CertAuth\CertEnroll\%3%8.crl So, how can I change the CertEnroll folder? Thank you

you can't change default path to publish CA certificate. It is no longer supported. However custom CRL publishing paths are supported. You need to manually (or automate by using custom scripts) copy CA certificate to custom folder. My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki

Thank you, Vadims, clearly it is as you have written. I simply cannot understand why they decided to drop this feature, and why they left it available at the user interface; you know if there is any MS official statement about that?

I don't know why, sorry.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki