Repointing CDP/AIA HTTP locations of an offline root CA is not reflected in PKIVIEW.msc

Mohamed Roushdy 66 Reputation points
2024-03-11T12:52:52.07+00:00

Hello,

I've searched a lot before posting, but none of the available solutions fixes my issue (or some might sound a bit dangerous to apply). I have a 2-tier PKI; here's the setup and what I'd like to achieve: (all running W2K19)

1- one offline root CA, domain joined.

2- one (old) subordinate CA. holds the distribution of CDP/AIA of root CA.

3- one (new) subordinate CA, added recently to the PKI env. for HA purposes, no CA clustering is configured. upstream CA is the offline root CA.

Since I have two sub-CAs, I've added a webserver to act as a new CRL/AIA distribution point for the environment. After configuring the offline root CA to point to the new webserver, and succeeding in publishing the CRL there, the PKIVIEW utility across the entire PKI is still pointing to the old CDP location, which is on the old subCA. All I need is just to have the new CDP locations be visible/updated in PKIView without any hard-to-do solutions. Our PKI now is more critical than ever as NDES servers are also involved.

Thank you in advance for your help.

Windows Server 2019

2 answers

  1. Daisy Zhou 18,701 Reputation points Microsoft Vendor
    2024-03-12T07:07:37.2833333+00:00

    Hello Mohamed Roushdy,

    Thank you for posting in Q&A forum.

    You can configure a new CDP by adding a new entry instead of changing the old CDP location setting. After you configure the new CDP location successfully, you can remove the old CDP location.

    For more information about how to configure CDP, you can read the steps in the link below.

    https://learn.microsoft.com/en-us/archive/technet-wiki/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
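
The add-then-remove sequence from the answer above, sketched with the ADCSAdministration cmdlets; this is an added example, not part of either post. The host names, the `/CertEnroll/` path and the certificate file path are placeholder assumptions.

```powershell
# Added example. Run in an elevated session on the CA whose CDP is being repointed.
# Assumptions (placeholders, not values from the thread):
$NewHost   = 'pki.example.internal'        # new CRL web server
$OldHost   = 'oldsubca.example.internal'   # old subordinate CA hosting the CRL
$NewUri    = "http://$NewHost/CertEnroll/<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl"
$TestCert  = 'C:\temp\newly-issued.cer'    # a certificate issued AFTER the change
$RemoveOld = $false                        # flip only once step 4 succeeds

Import-Module ADCSAdministration

# 1. Record the current CDP configuration before changing anything.
Get-CACrlDistributionPoint |
    Format-List Uri, AddToCertificateCdp, PublishToServer

# 2. Add the new HTTP location as an additional entry, leaving the old one in place.
$existing = Get-CACrlDistributionPoint |
    Where-Object { $_.Uri -like "http://$NewHost/*" }
if (-not $existing) {
    Add-CACrlDistributionPoint -Uri $NewUri -AddToCertificateCdp -Force
}

# 3. The CA reads its extension list at service start; restart it, then
#    publish a fresh CRL to be copied to the new web server.
Restart-Service -Name CertSvc
certutil -crl

# 4. CDP URLs are written into each certificate at issuance, so only
#    certificates issued after this change carry the new URL. Check one such
#    certificate and confirm its CRL is fetched from the new host.
if (Test-Path $TestCert) {
    certutil -verify -urlfetch $TestCert
}

# 5. Remove the old entry only after the new location is confirmed working.
if ($RemoveOld) {
    Get-CACrlDistributionPoint |
        Where-Object { $_.Uri -like "http://$OldHost/*" } |
        ForEach-Object { Remove-CACrlDistributionPoint -Uri $_.Uri -Force }
    Restart-Service -Name CertSvc
}
```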


  2. Mohamed Roushdy 66 Reputation points
    2024-03-15T10:18:34.2733333+00:00

    Hello,

    I'd hope that anyone who has had a similar issue can help with his experience. Thank you,
