Online Responder Download Error Freshest CRL missing plus sign in value for CRL location and name of CRL file.

Carlo Colon 1 Reputation point
2021-02-02T17:53:44.837+00:00

Hello,
Our CA for our enterprise sub CAs recently had to be renewed. One of the CAs has a download error for the Delta CRL, causing an error for OCSP. The CRL is looking for a plus sign and causing it not to be found. Question: why would a Freshest CRL look for the file without a plus when the file generated has a plus sign?


2 answers

  1. Carlo Colon 1 Reputation point
    2021-02-02T19:58:59.877+00:00

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\ADHEntCA\CRLPublicationURLs:

    CRLPublicationURLs REG_MULTI_SZ =
    0: 65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl
    CSURL_SERVERPUBLISH -- 1
    CSURL_SERVERPUBLISHDELTA -- 40 (64)

    1: 6:http://prdrh01a_dc3v.ad.curesources/pki/entcdph/%3%8.crl
    CSURL_ADDTOCERTCDP -- 2
    CSURL_ADDTOFRESHESTCRL -- 4
    
    2: 6:http://prdrh01a_dc2v.ad.curesources/pki/entcdph/%3%8.crl
    CSURL_ADDTOCERTCDP -- 2
    CSURL_ADDTOFRESHESTCRL -- 4
    
    3: 6:http://prdrh01a_dc1v.ad.curesources/pki/entcdph/%3%8.crl
    CSURL_ADDTOCERTCDP -- 2
    CSURL_ADDTOFRESHESTCRL -- 4
    
    4: 65:file://PRDRH01A_DC2V.ad.curesources/entcdpH/%3%8%9.crl
    CSURL_SERVERPUBLISH -- 1
    CSURL_SERVERPUBLISHDELTA -- 40 (64)
    
    5: 65:file://PRDRH01A_DC1V.ad.curesources/entcdpH/%3%8%9.crl
    CSURL_SERVERPUBLISH -- 1
    CSURL_SERVERPUBLISHDELTA -- 40 (64)
    
    6: 65:file://PRDRH01A_DC3V.ad.curesources/entcdpH/%3%8%9.crl
    CSURL_SERVERPUBLISH -- 1
    CSURL_SERVERPUBLISHDELTA -- 40 (64)
    

  2. Vadims Podāns 9,116 Reputation points MVP
    2021-02-03T08:01:56.143+00:00

    Please modify the following lines in your configuration:

    6:http://prdrh01a_dc3v.ad.curesources/pki/entcdph/%3%8.crl -> 6:http://prdrh01a_dc3v.ad.curesources/pki/entcdph/%3%8%9.crl
    6:http://prdrh01a_dc2v.ad.curesources/pki/entcdph/%3%8.crl -> 6:http://prdrh01a_dc2v.ad.curesources/pki/entcdph/%3%8%9.crl
    6:http://prdrh01a_dc1v.ad.curesources/pki/entcdph/%3%8.crl -> 6:http://prdrh01a_dc1v.ad.curesources/pki/entcdph/%3%8%9.crl
    

    Restart certificate services and re-publish CRLs.

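The mismatch discussed in this thread can be checked mechanically. The following PowerShell is an added example, not code from either poster: it decodes `<flags>:<url>` entries using the flag values shown in the question and expands `%3`, `%8` and `%9` to show which file name each entry yields for a base and a delta CRL. The function names are hypothetical, and it assumes the CA name matches the registry key name `ADHEntCA` and that the CRL name suffix is empty.

```powershell
# Constructed input: two entries copied from the question. On the CA itself, use
# (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\ADHEntCA').CRLPublicationURLs
$entries = @(
    '65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl',
    '6:http://prdrh01a_dc3v.ad.curesources/pki/entcdph/%3%8.crl'
)

# Flag values as certutil printed them in the question (40 hex = 64 decimal).
$flagNames = @{
    1  = 'CSURL_SERVERPUBLISH'
    2  = 'CSURL_ADDTOCERTCDP'
    4  = 'CSURL_ADDTOFRESHESTCRL'
    64 = 'CSURL_SERVERPUBLISHDELTA'
}

function Expand-CrlUrl {
    # %3 = CA name, %8 = CRL name suffix, %9 = "+" for a delta CRL, empty for a base CRL.
    param([string]$Url, [string]$CaName, [string]$Suffix, [bool]$Delta)
    $plus = if ($Delta) { '+' } else { '' }
    $Url.Replace('%3', $CaName).Replace('%8', $Suffix).Replace('%9', $plus)
}

function Test-CrlPublicationUrl {
    # Assumption: $CaName is the sanitized CA name; $Suffix is empty unless the CA key was renewed.
    param([string[]]$Entry, [string]$CaName, [string]$Suffix = '')
    foreach ($e in $Entry) {
        if ($e -match '^(\d+):(.+)$') {
            $flags = [int]$Matches[1]
            $url = $Matches[2]
            $names = $flagNames.Keys | Sort-Object |
                Where-Object { $flags -band $_ } | ForEach-Object { $flagNames[$_] }
            $problem = 'none'
            if (-not $url.Contains('%9')) {
                if ($flags -band 4) { $problem = 'Freshest CRL URL lacks %9: clients are sent to the base CRL name' }
                elseif ($flags -band 64) { $problem = 'Delta CRL is written under the base CRL name' }
            }
            [pscustomobject]@{
                Flags     = ($names -join ', ')
                BaseName  = (Expand-CrlUrl $url $CaName $Suffix $false)
                DeltaName = (Expand-CrlUrl $url $CaName $Suffix $true)
                Problem   = $problem
            }
        } else {
            Write-Warning "Not in <flags>:<url> form: $e"
        }
    }
}

Test-CrlPublicationUrl -Entry $entries -CaName 'ADHEntCA' | Format-List
```

For the HTTP entry, `DeltaName` comes out identical to `BaseName`, while the publishing entry produces a file name with `+` before `.crl`; that difference is the file the Online Responder fails to download.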