Learn how to configure the Certificate Revocation List (CRL) Distribution Point (CDP) and the Authority Information Access (AIA) settings on CA1.
Learn how to manage Authority Information Access (AIA) URL retrieval in Windows, ensuring certificate trust chains are built safely.
To publish the CRL and CA certificate from the CA to the Web server virtual directory, you can run the certutil -crl command after you configure the CDP and AIA locations on the CA. Before you run this command, follow the instructions in this guide to configure the correct paths on the Extensions tab of the CA Properties.
Since I have two sub-CAs, I've added a webserver to act as a new CRL/AIA distribution point for the environment. After configuring the offline root CA to point to the new webserver, and succeeding in publishing the CRL there, the PKIVIEW utility across the entire PKI is still pointing to the old CDP location, which is on the old subCA.
Repointing CDP/AIA HTTP locations of an offline root CA is not ...
The Add-CAAuthorityInformationAccess cmdlet configures the uniform resource identifier (URI) for the Authority Information Access (AIA) or Online Certificate Status Protocol (OCSP) for a certification authority (CA).
The Get-CAAuthorityInformationAccess cmdlet gets the Authority Information Access (AIA) and Online Certificate Status Protocol (OCSP) URI information set on the AIA extension of the certification authority (CA) properties.
I'd like to do exactly what's in the title: republish the AIA and CRL files, that's it. They are published automatically when the CA first starts but they aren't updated, at least not the AIA until the CA renews its certificate.