You have to duplicate (add next to the existing one) the existing LDAP URL, replace the <ServerShortName> variable with a fixed constant that matches the old system name, and check only "Publish CRLs to this location" and "Publish Delta CRLs to this location". Then the CA will automatically publish subsequent CRLs to the previous locations.
Solving CDP/CRL issue
I have an issuing CA where the CA cert's LDAP CDP includes the system short-name macro. There is no HTTP CDP. I recently migrated the CA role to a new server. The current CDP now includes the new system name, which is causing an issue with certificates issued prior to the migration in that the older certificates have a CDP with the old server name listed. Is there any way for the CRL to be published to the old location automatically, similar to how it's automatically published to the new CDP?
I've published to the old location using certutil -dspublish -f CRLfile "old-system-name" which seems to have fixed the problem temporarily. However, wouldn't the issue show up again once the current CRL expires?
Vadims Podāns 9,121 Reputation points MVP
2022-09-14T07:24:31.287+00:00
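As an added PowerShell example (not from this thread or from the answer's author), the script below does what the answer at the top describes from the command line: it clones the CA's LDAP CDP entry that uses the <ServerShortName> variable into a fixed-name copy pointing at the old server, with only the two "publish" flags set. It assumes it runs as an administrator on the CA, that $OldServerShortName is a placeholder for the pre-migration host name, and that the CA name is read from the Active registry value.

```powershell
# Added example: clone the <ServerShortName> LDAP CDP entry into a fixed-name
# copy so the CA keeps publishing CRLs to the pre-migration DN.
param(
    [Parameter(Mandatory)][string]$OldServerShortName   # placeholder, e.g. 'OLDCA01'
)

# Each CRLPublicationURLs entry is "<flags>:<url>". Relevant flag bits:
#   1  = Publish CRLs to this location
#   64 = Publish Delta CRLs to this location
# 65 therefore ticks exactly the two boxes the answer names and nothing else
# (no "Include in the CDP extension", so new certs still get only the new-name URL).
$PublishOnly = 1 + 64

$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName  = (Get-ItemProperty -Path $cfgRoot -Name Active).Active
$caKey   = Join-Path $cfgRoot $caName
[string[]]$urls = (Get-ItemProperty -Path $caKey -Name CRLPublicationURLs).CRLPublicationURLs

# %2 is the registry form of the <ServerShortName> variable shown in the MMC
# (the lookahead keeps %20-style sequences from matching).
$ldapWithVar = $urls | Where-Object { $_ -match '^\d+:ldap:///' -and $_ -match '%2(?!\d)' }
if (-not $ldapWithVar) { throw 'No LDAP CDP entry using <ServerShortName> found.' }

$added = @()
foreach ($entry in $ldapWithVar) {
    $url   = $entry.Substring($entry.IndexOf(':') + 1)
    $fixed = "${PublishOnly}:" + ($url -replace '%2(?!\d)', $OldServerShortName)
    if ($urls -notcontains $fixed) { $added += $fixed }
}
if (-not $added) { Write-Host 'Old-name CDP entries already present; nothing to do.'; return }

# Keep every existing entry (the new-name URL still goes into issued certs)
# and append the fixed-name clones next to them.
Set-ItemProperty -Path $caKey -Name CRLPublicationURLs -Value ($urls + $added)
$added | ForEach-Object { Write-Host "Added: $_" }

# The CA reads CRLPublicationURLs at start-up; restart it and force a publish to test.
Restart-Service CertSvc
certutil -CRL

# The service publishes to AD as the CA's computer account, so that account needs
# write access to the old CDP object; a failed publish shows up in the Application
# event log under the CertificationAuthority source.
```

After the restart, the old-name entry appears in the CA's Extensions tab with only the two publish boxes checked, and certutil -CRL refreshes the CRL under the old DN without the manual -dspublish step.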