Hello, I have a few questions but the primary one is as follows: I'm learning about PKI and have a test lab set up. I'm checking the health status on PKIView and its showing that my root CA cannot download from the LDAP CDP location. As far as I was aware, the server won't be able to download form this location as its a standalone server with no access to AD. Am I right in thinking this? If not, can someone explain this scenario? I have taken the root CA certificate and CRL and published them to active directory by using the following commands on a domain member server (also the issuing CA): certutil -f -dspublish root-ca.cer rootca certutil -f -dspublish root-ca-crl.crl I've read people talking about publishing certificates and CRLs to certain LDAP containers (I'm assuming they are like OUs but for the AD database) but I really don't understand this process and what these containers are for and what they do. Can anyone give a brief "idiots guide" to this? Also, my Root Ca is showing the OCSP location as having an error however I've never set an OCSP up for the root CA. I have for the issuing CA but that's it. Does anyone have any ideas why this is showing as having an error?

Anyone?!