T
_TFA
Guest
Hi guys,
We have an old server which was our enterprise root CA in the domain. However we wanted to migrate the CA to a new server, so we could remove the old server from the domain. There are some tutorials out there on how to do this, I used this one:
Moving Certificate Services To Another Server | PeteNetLive
And this migration went OK, however, when we request new certificates they still refer to the old server for the certificate revocation list distribution point (CDP). But again there are tutorials on how to change this, this time I used one from Microsoft:
Configure the CDP and AIA Extensions on CA1
So I went through all the steps. Basically I changed http://oldserver.domain/certentroll/crlname.crl to http://newserver.domain/certentroll/crlname.crl and I checked to make sure the links work. I did this for HTTP and file access for both the CDP and AIA as described in the article. However when I request a new certificate it still lists http://oldserver.domain/certentroll/crlname.crl as the CRL, which is offline. How can I change the CRL listed in the certificate CDP to use the new CRL?
Thanks a lot!
Continue reading...
We have an old server which was our enterprise root CA in the domain. However we wanted to migrate the CA to a new server, so we could remove the old server from the domain. There are some tutorials out there on how to do this, I used this one:
Moving Certificate Services To Another Server | PeteNetLive
And this migration went OK, however, when we request new certificates they still refer to the old server for the certificate revocation list distribution point (CDP). But again there are tutorials on how to change this, this time I used one from Microsoft:
Configure the CDP and AIA Extensions on CA1
So I went through all the steps. Basically I changed http://oldserver.domain/certentroll/crlname.crl to http://newserver.domain/certentroll/crlname.crl and I checked to make sure the links work. I did this for HTTP and file access for both the CDP and AIA as described in the article. However when I request a new certificate it still lists http://oldserver.domain/certentroll/crlname.crl as the CRL, which is offline. How can I change the CRL listed in the certificate CDP to use the new CRL?
Thanks a lot!
Continue reading...