Windows server 2008 PKI
Hi,
I installed PKI with the following configuration:
1- Standalone CA, to be offline in the future
2- Enterprise CA as a subordinate of the standalone CA, to be the issuer and the revocation server
But when I turn off the standalone CA and try to issue a certificate from the enterprise CA, I got an error that the revocation server is offline.
Is there any missing configuration in my setup?
Thanks
Tarek
Tarek Khairy
July 9th, 2011 8:22am
You need to make sure that the revocation information from your Root CA is always available online. This is because the revocation check is performed on all objects in a certificate chain.
The missing step is to designate an online CRL distribution point for your Root CA. It can be published in your AD and/or on a suitable web server to make it available for non-AD-integrated users and computers.
Remember that you need to reissue your enterprise CA certificate after changing the CDP URLs on your Root CA.
/Hasain
July 9th, 2011 4:06pm
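One way to carry out the steps from the answer above with `certutil` and `certreq`, as an added example that is not part of the thread. It covers HTTP publication only; the host name `pki.example.com`, the CA names, file paths, request ID and the 26-week CRL period are placeholders or assumptions.

```powershell
# Added example. All names, paths and periods below are placeholders/assumptions.
$rootCfg = 'ROOTCA01\Example Root CA'      # placeholder: RootHost\RootCAName
$req     = 'C:\transfer\subca.req'         # placeholder: sub CA renewal request
$cer     = 'C:\transfer\subca.cer'         # placeholder: reissued sub CA certificate
$reqId   = 0                               # placeholder: ID printed by certreq -submit

# --- On the standalone root CA, while it is still powered on ---
# Flag 1 = publish the CRL file to this local path.
# Flag 2 = write this URL into the CDP extension of certificates the root issues.
# %3 = CA name, %8 = CRL name suffix, %9 = delta CRL marker.
# The \n separator is passed literally; certutil splits the list on it.
certutil -setreg CA\CRLPublicationURLs "1:$env:windir\system32\CertSrv\CertEnroll\%3%8%9.crl\n2:http://pki.example.com/pki/%3%8%9.crl"

# An offline root cannot republish often, so give its CRL a long validity
# (26 weeks is an assumption; choose a period you can actually meet) and
# disable delta CRLs.
certutil -setreg CA\CRLPeriodUnits 26
certutil -setreg CA\CRLPeriod "Weeks"
certutil -setreg CA\CRLDeltaPeriodUnits 0

Restart-Service CertSvc
certutil -crl        # issue a fresh CRL into the CertEnroll folder

# Copy the .crl from CertEnroll to the web server so that it is reachable at
# the http:// URL configured above. This copy has to be repeated every time
# the root publishes a new CRL, before the previous one expires.

# --- On the enterprise subordinate CA ---
# Create a renewal request for the CA certificate, keeping the existing key.
# Save the generated request file as $req and carry it to the root CA.
certutil -renewCert ReuseKeys

# --- Back on the root CA: submit, approve and retrieve ---
certreq -submit -config $rootCfg $req
certutil -resubmit $reqId
certreq -retrieve -config $rootCfg $reqId $cer

# --- On the enterprise subordinate CA again ---
certutil -installCert $cer
Restart-Service CertSvc

# Confirm that every CDP URL in the chain can be fetched with the root offline.
certutil -verify -urlfetch $cer
```

Run the final `certutil -verify -urlfetch` check after the root CA has been shut down; any CDP entry it cannot retrieve is what produces the "revocation server is offline" error.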


