
Server 2008 R2 CA: Restore revocation list distribution points

I have often seen that the revocation list distribution points of a Server 2008 R2 certificate authority were configured incorrectly or not at all. Therefore, I describe here how to restore the distribution points of an Active Directory integrated certificate authority under Windows Server 2008 R2.

The distribution points are configured on the "Extensions" tab in the properties of the certification authority.

Here are the standard distribution points and the properties:

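C:\Windows\system32\CertSrv\CertEnroll\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl

ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>

http://<ServerDNSName>/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl

file://<ServerDNSName>/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl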

And here are the default values for Authority Information Access (AIA):

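C:\Windows\system32\CertSrv\CertEnroll\<ServerDNSName>_<CaName><CertificateName>.crt

ldap:///CN=<CATruncatedName>,CN=AIA,CN=Public Key Services,CN=Services,<ConfigurationContainer><CAObjectClass>

http://<ServerDNSName>/CertEnroll/<ServerDNSName>_<CaName><CertificateName>.crt

file://<ServerDNSName>/CertEnroll/<ServerDNSName>_<CaName><CertificateName>.crt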


After the changes, the revocation lists can be published at the new locations.
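The default locations listed above can also be written with certutil from an elevated PowerShell session on the CA server instead of through the Extensions tab. This is an added example, not part of the original post; the numeric prefixes (which encode the checkboxes for each location) and the backup file names are assumptions, so adjust them to the properties you need.

```powershell
# Added example. certutil stores the variables as numbered tokens:
#   %1 <ServerDNSName>   %2 <ServerShortName>       %3 <CaName>
#   %4 <CertificateName> %6 <ConfigurationContainer> %7 <CATruncatedName>
#   %8 <CRLNameSuffix>   %9 <DeltaCRLAllowed>
#   %10 <CDPObjectClass> %11 <CAObjectClass>

# Keep a copy of the current (possibly broken) values before overwriting them.
certutil -getreg CA\CRLPublicationURLs    | Out-File "$env:TEMP\cdp-before.txt"
certutil -getreg CA\CACertPublicationURLs | Out-File "$env:TEMP\aia-before.txt"

# CDP flag bits (assumed selection): 1 = publish CRLs to this location,
# 2 = include in the CDP extension of issued certificates,
# 4 = include in CRLs (delta CRL location), 8 = include in all CRLs,
# 64 = publish delta CRLs to this location. 0 = listed but nothing ticked.
$cdp = @(
    '65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl'
    '79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10'
    '0:http://%1/CertEnroll/%3%8%9.crl'
    '0:file://%1/CertEnroll/%3%8%9.crl'
) -join '\n'   # literal backslash-n: certutil's separator for multi-string values

# AIA flag bits (assumed selection): 1 = publish the CA certificate here,
# 2 = include in the AIA extension of issued certificates.
$aia = @(
    '1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt'
    '3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11'
    '0:http://%1/CertEnroll/%1_%3%4.crt'
    '0:file://%1/CertEnroll/%1_%3%4.crt'
) -join '\n'

certutil -setreg CA\CRLPublicationURLs    $cdp
certutil -setreg CA\CACertPublicationURLs $aia

# The CA reads these values at service start; then publish a fresh CRL.
Restart-Service certsvc
certutil -crl

# Confirm what is now configured.
certutil -getreg CA\CRLPublicationURLs
certutil -getreg CA\CACertPublicationURLs
```

Certificates issued before the change keep the CDP and AIA URLs that were embedded at issuance, so only newly issued certificates carry the restored locations.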
