Hello ManuelVallejo-8019,
Thank you for posting here.
Based on the test in my lab, we can set up as below:
Step1
I set up one-tier CA on my lab based on the link below.
ADCS Step by Step Guide: Single Tier PKI Hierarchy Deployment
https://social.technet.microsoft.com/wiki/contents/articles/11750.adcs-step-by-step-guide-single-tier-pki-hierarchy-deployment.aspx
Step2
I configured the AIA and CDP entries in the extension on the old CA server.
AIA entries
C:\Windows\system32\CertSrv\CertEnroll\<ServerDNSName><CaName><CertificateName>.crt
ldap:///CN=<CATruncatedName>,CN=AIA,CN=Public Key Services,CN=Services,<ConfigurationContainer><CAObjectClass>
http://pki.fabrikam.com/**CertEnroll-CA1**/\<ServerDNSName><CaName><CertificateName>.crt
CDP entries (2019server is my IIS server)
C:\Windows\system32\CertSrv\CertEnroll\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>
http://pki.fabrikam.com/CertEnroll-CA1/\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
file://\2019server.fabrikam.com**CertEnroll-CA1**\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Step3
I migrate the CA from CA1 (host name) to CA2 (host name) based on the link below.
Step-By-Step: Migrating The Active Directory Certificate Service From Windows Server 2008 R2 to 2019
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-migrating-the-active-directory-certificate-service/ba-p/697674
Step4
By default, all the AIA and CDP entries under Extensions tab of the CA Properties on the old CA will be migrated from old CA server to new CA server.
Step5
I add another http CDP based the steps below.
1.Ctreate an folder named certenroll1 (or another name,in my case it is CertEnroll-CA2( C:\CertEnroll-CA2) on the same IIS server as when I set up CA (or you can on another new IIS server).
2.Assume I will add http type CRL.
Add another CDP on Extensions tab of new CA server (CA2).
http://pki.fabrikam.com/CertEnroll-CA2/\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
file://\2019server.fabrikam.com\CertEnroll-CA2\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
3.Republish the CRL to see the CRL on IIS server (such as CertEnroll-CA2).
4.Open PKIview.msc to check new CA CDP.
Hope the information is helpful, if anything is unclear, please feel free to let us know.
Best Regards,
Daisy Zhou