PKIVIEW CDP location not updating

KJ 81 Reputation points

I am having a similar problem as this:

CRL file for issuing CA shows as expired in PKIVIEW in one of the 2 CDP locations.
All CDP file locations show the current CRL file when we browse to the local folder locations on the server and paste the listed web URLs into a web browser.
We have already tried restarting the issuing CA and running the "certutil -cainfo xchg" to update pkiview cache, but nothing has helped.

What else is left to do to get pkiview to update the problem CDP location?

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,712 questions
0 comments No comments
{count} votes

Accepted answer
  1. Fan Fan 15,286 Reputation points Microsoft Vendor

    To know the issue more clearly, would you please tell more about the CA environment?
    For ,is it a one tier pki or 2 tier pki?
    Is the root CA offline ?
    If the offline CA is offline , we need to issue the CDP location manually .Following steps for your reference:
    1,Manually generate the CRL from the Root CA ,and publish it.
    2,Importing the CRL on the subordinate CA
    3,Restarting the service
    For more details you can refer to the details as following screenshot and link:

    Best Regards,

    1 person found this answer helpful.
    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. KJ 81 Reputation points

    It is a 2 tier PKI with an offline root.
    We have already generated a new CRL from the offline root.
    We have already copied the new CRL to the file locations on the subordinate CA specified in the CDP.
    We have already copied the CRL to the HTTP locations specified in the CDP.
    We have verified that the CRL HTTP location is accessible from a web browser and that the correct CRL file downloads.

    We are not using LDAP locations. Only file and HTTP.
    There are 2 HTTP locations.

    Despite this, pkiview still sees the old CRL file in one of the HTTP locations instead of the new CRL file that has been installed in all the. CDP locations.

    0 comments No comments

  2. KJ 81 Reputation points

    The issue when away overnight with no further steps taken.