I have often seen that the revocation list distribution points of a Server 2008 R2 certificate authority were configured incorrectly or not at all. Therefore, I describe here how to restore the distribution points of an Active Directory integrated certificate authority under Windows Server 2008 R2.
The distribution points are configured under the "Extensions" tab in the properties of the certification authority.
Here are the standard distribution points and the properties:
C:\Windows\system32\CertSrv\CertEnroll\.crl
ldap:///CN=,CN=,CN=CDP,CN=Public Key Services,CN=Services,
http:///CertEnroll/.crl
file://<ServerDNSName>/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
And here are the default values for accessing job information:
C:\Windows\system32\CertSrv\CertEnroll\_.crt
ldap:///CN=,CN=AIA,CN=Public Key Services,CN=Services,
http:///CertEnroll/_.crt
file://<ServerDNSName>/CertEnroll/<ServerDNSName>_<CaName><CertificateName>.crt
After the changes, the blacklists can be published at the new locations:
