ADCS CDP location not showing in issued certs

Shaunm001 306 Reputation points
2020-12-07T21:31:58.847+00:00

I recently checked the option to "Publish CRLs" and "Publish Delta CRLs" for a file share in our ADCS CA:

45818-shot1.png

But the file share isn't listed as a CDP location when I run pkiview:

45780-shot2.png

I reissued a certificate on a test machine and it too only shows the ldap location in the CDP list:

45921-shot3.png

The file share has been configured and CRLs are being published there. How do I add the file share to our CDP locations? My goal is to allow non-domain joined PCs to access the CRLs. Currently non-domain joined PCs are unable to validate AD CS certs (error message about the revocation server being offline). I assume that's because the only available CRL is through Active Directory (ldap).


Accepted answer
  1. Anonymous
    2020-12-08T05:56:10.823+00:00

    Hi,
    Welcome to share here!

    I think it is default behavior that the file:// location is not displayed in pkiview.msc.
    Here is the screenshot in my lab:
    46143-12084.png

    If you want to make sure that the file share CDP location is working, just check that users can access it successfully and that the CDP is updated in the share folder.
    For how to request a certificate from a non-domain computer, please refer to the following link:
    https://social.technet.microsoft.com/Forums/ie/en-US/098f858a-3e89-48d2-828e-274487033f6b/how-to-request-certificate-from-a-nondomain-computer?forum=winserversecurity

    Best Regards,

    1 person found this answer helpful.

1 additional answer

  1. Vadims Podāns 9,186 Reputation points MVP
    2020-12-08T06:54:49.053+00:00

    file:// URL scheme is not supported for inclusion in CDP extension in issued certificates. CryptoAPI clients will unconditionally fail on file:// URL checking. Only ldap:// and plain http:// URL schemes are supported for CRL retrieval. Any other is not supported.

    1 person found this answer helpful.
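Added example, not part of the thread or any poster's code: the CA stores each CDP entry as `<flags>:<url>`, and the "Publish" checkboxes set different bits from the one that writes a URL into issued certificates. The check below decodes those bits and applies the ldap/http rule from the answer above; the function name `Test-CdpEntry`, the sample entries and the host names are constructed for illustration.

```powershell
# Bits of the "<flags>:<url>" entries in the CA's CRLPublicationURLs setting.
# On a CA, list the real entries with: certutil -getreg CA\CRLPublicationURLs
$PublishCrl    = 0x01   # "Publish CRLs to this location"
$IncludeInCert = 0x02   # "Include in the CDP extension of issued certificates"
$PublishDelta  = 0x40   # "Publish Delta CRLs to this location"

function Test-CdpEntry {
    param([Parameter(Mandatory)][string]$Entry)

    if ($Entry -notmatch '^(\d+):(.+)$') { throw "Not a <flags>:<url> entry: $Entry" }
    $flags = [int]$Matches[1]
    $url   = $Matches[2]

    # Local and UNC paths carry no scheme; they are publish targets only.
    $scheme = if ($url -match '^([a-z][a-z0-9+.-]*)://') { $Matches[1].ToLower() } else { '(path)' }
    $inCert = [bool]($flags -band $IncludeInCert)

    $finding = if (-not $inCert) {
        'publish-only: never written into issued certificates'
    } elseif ($scheme -notin 'ldap', 'http') {
        'in issued certificates, but clients only retrieve CRLs over ldap:// and http://'
    } else {
        'ok: in issued certificates with a supported scheme'
    }

    [pscustomobject]@{
        Flags        = $flags
        PublishCrl   = [bool]($flags -band $PublishCrl)
        PublishDelta = [bool]($flags -band $PublishDelta)
        InCert       = $inCert
        Scheme       = $scheme
        Finding      = $finding
    }
}

# Constructed sample entries (host names are placeholders, not from the thread).
$sample = @(
    '65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl'
    '79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10'
    '65:file://\\fileserver.example.com\crl\%3%8%9.crl'   # only the two Publish boxes ticked
    '2:file://\\fileserver.example.com\crl\%3%8%9.crl'    # file:// forced into certificates
    '6:http://pki.example.com/crl/%3%8%9.crl'             # 2 + 4: http URL in certificates
)
$sample | ForEach-Object { Test-CdpEntry $_ } | Format-Table -AutoSize -Wrap
```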
