PKIView - Subordinate CA - Unable to download CDP from LDAP

Hello, now I'm able to publish CRLs in LDAP, even though my CRLs are empty. Now, on the SubCA's certificate the AIA is OK, but the CDP and Delta CDP are both showing as "Unable to Download".

The LDAP paths are correct, or at least they look correct. Please find below the LDAP paths I'm using.

Working AIA

ldap:///CN=<CATruncateName>,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mycompany,DC=net?cACertificate?base?objectClass=certificationAuthority

Broken LDAP
Delta CRL Location 2
ldap:///CN=<CATruncatedName>,CN=<ServerShortName>,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mycompany,DC=net?deltaRevocationList?base?objectClass=cRLDistributionPoint

CDP Location 2
ldap:///CN=<CATruncatedName>,CN=<ServerShortName>,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mycompany,DC=net?certificateRevocationList?base?objectClass=cRLDistributionPoint

Delta CRL Location 3

http://wwwca/CertEnroll/<ServerShortName>+.crl

In the meantime I have already issued 5 different certificates to my Subordinate CA trying to get those locations working, without any results. What do I have to do with all those certificates? Can I keep them installed and in my policy?

If anyone can help that would be great.
Thank you

May 2nd, 2012 9:26am
I believe that the default LDAP path for CRLs is:
ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mycompany,DC=net?certificateRevocationList?base?objectClass=cRLDistributionPoint
and the same for delta CRLs.

My weblog:
http://en-us.sysadmins.lv

PowerShell PKI Module:
http://pspki.codeplex.com

Windows PKI reference:
on TechNet wiki

May 2nd, 2012 11:55am
Hello Vadims,
thanks for your reply.
Actually that was my original configuration but, once I installed the new Sub CA certificate, <CRLNameSuffix> was being translated into the string (1). So when I tried to publish my CRL I got an "Object not found" error, since the enumerated CRL Distribution Point is missing in my LDAP, or at least has not been updated.
Any idea?

Thanks

May 2nd, 2012 2:39pm
Did you try to publish it manually?
certutil -dspublish -f CrlFile(1).crl

May 3rd, 2012 1:57am
Hi Vadims,
the dspublish fails. Of course, it tries to publish to the enumerated CDP CRL Distribution Point that is missing in my LDAP. I have just the CRL Distribution Point named <CATruncatedName>, without (1).

May 3rd, 2012 3:09am
An update: after restarting the PKI I was able to publish the CRL manually. But
I have two CRL files in my directory and, of course, two delta CRLs.
The first one is <CATruncatedName>.crl
The second one is <CATruncatedName>(1).crl
From PKIView I have two errors:
Delta CRL Location 2 is unavailable
CDP Location 2 is unavailable
Both are LDAP locations,
and the LDAP location based on my extensions configuration is ldap:///<CATruncatedName>(1)...etc etc. Once again, in my CDP my CRLDistributionPoint exists as <CATruncatedName>.
Checking the CDP for the root CA: CRLDistributionPoint exists as <CATruncatedName>(1) and everything is working fine.

I hope it helps you to have a better view of the problem

Thanks

Gerardo

May 3rd, 2012 3:30am
Hi Vadims,
finally I was able to get it working. After the dspublish the CRL DistributionPoint has been updated accordingly and now it works.
Thanks for your support.

Gerardo

May 3rd, 2012 3:50am
Did you try to publish it manually?
certutil -dspublish -f CrlFile(1).crl

May 3rd, 2012 8:49am

This topic is archived. No further replies will be accepted.
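As an added illustration (not code from any poster in this thread), the following Python parses a CDP LDAP URL of the form quoted above and compares the object it names with the cRLDistributionPoint names present in the server's CDP container, flagging the case discussed here where the URL carries the (1) suffix but only the unsuffixed object exists. The CA name MySubCA, the server name CASRV01 and the lists of existing objects are constructed placeholders.

```python
import re
from urllib.parse import unquote

# "(n)" suffix that <CRLNameSuffix> expands to after a CA certificate renewal
SUFFIX_RE = re.compile(r"\(\d+\)$")

def parse_cdp_ldap_url(url):
    """Split ldap:///<DN>?<attribute>?<scope>?<filter> into its fields."""
    prefix = "ldap:///"
    if not url.lower().startswith(prefix):
        raise ValueError("not a serverless LDAP URL: " + url)
    fields = [unquote(f) for f in url[len(prefix):].split("?")]
    fields += [""] * (4 - len(fields))
    dn, attribute, scope, ldap_filter = fields[:4]
    # First RDN names the cRLDistributionPoint object; split on unescaped commas
    rdns = re.split(r"(?<!\\),", dn)
    if not rdns[0].upper().startswith("CN="):
        raise ValueError("first RDN is not a CN: " + rdns[0])
    return {"object_cn": rdns[0][3:], "container": ",".join(rdns[1:]),
            "attribute": attribute, "scope": scope, "filter": ldap_filter}

def check_cdp(url, existing_cns):
    """Compare the object a CDP URL names with the CNs actually present in
    the server's CDP container. Returns (status, near_matches)."""
    wanted = parse_cdp_ldap_url(url)["object_cn"].lower()
    present = {cn.lower(): cn for cn in existing_cns}
    if wanted in present:
        return "ok", []
    base = SUFFIX_RE.sub("", wanted)
    near = sorted(cn for low, cn in present.items()
                  if SUFFIX_RE.sub("", low) == base)
    return ("suffix-mismatch" if near else "missing"), near

# Constructed sample: CA and server names are placeholders, not from the thread
URL = ("ldap:///CN=MySubCA(1),CN=CASRV01,CN=CDP,CN=Public%20Key%20Services,"
       "CN=Services,CN=Configuration,DC=mycompany,DC=net"
       "?certificateRevocationList?base?objectClass=cRLDistributionPoint")

if __name__ == "__main__":
    print(check_cdp(URL, ["MySubCA"]))                # object for (1) absent
    print(check_cdp(URL, ["MySubCA", "MySubCA(1)"]))  # after publishing
```

A "suffix-mismatch" result corresponds to the state described in the thread before the manual publish: the extension points at the (1) object while the directory only holds the unsuffixed one.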
