DeltaCRL and OCSP expired and error after root crl update

Lee Todd 1 Reputation point

Hi all

We have PKI setup with rootCA offline and 2 issuing servers. Our root CRL was due to expire so followed the documentation we were given to update it. This was done yesterday and everything seemed ok.
This morning issuing server 1 had CDP location expiring (which i think is normal)
DeltaCRL Location expired and OCSP location Error.

Issuing server2 seems to be ok. This is the first time ive had to do this so not sure how to fix it and dont want to just go poking it.


Windows Server Management
Windows Server Management
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Management: The act or process of organizing, handling, directing or controlling something.
419 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,331 Reputation points

    Hi there,

    This problem may be caused by your configuration. Please try to change the following CA settings:

    -Uncheck "Include in the AIA extension on issued certificates".
    -Check "Include in the online certificate status protocol (OCSP) extension"

    Then revoke the CA Exchange certificate, run " certutil -cainfo xchg > xchg.cer" to get a new CA Exchange certificate.

    Here is a thread as well that discusses the same issue and you can try out some troubleshooting steps from this and see if that helps you to sort the Issue.

    Online Responder Location Error

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments