Configure the Enterprise PKI Snap-In
Applies To: Windows Server 2008
The left-hand pane, or console tree, of the Enterprise PKI snap-in includes a tree view of the public key infrastructures (PKIs) and enterprise certification authorities (CAs) in an organization.
If you select a specific PKI in the console tree, the details pane displays the status of the entire PKI: OK, if everything is properly configured and functioning correctly, or Error, if there are problems that require attention.
If you select a specific CA in the console tree, additional information that can be used to identify the source of an Error condition is displayed, including whether the following are available, expiring, or unavailable:
CA certificate
Authority information access locations
Certificate revocation list (CRL) distribution points
Delta CRL distribution points
By right-clicking the name of the PKI in the console tree, you can configure when you want to display alerts for the following components of the CAs in that hierarchy.
Component | Description |
---|---|
Set certificate status to Expiring when expiring in |
Number of days before a CA certificate expires that a warning will appear |
Set CRL status to Expiring when expiring in |
Number of hours or days before a CRL expires that a warning will appear |
Set Delta CRL status to Expiring when expiring in |
Number of hours or days before a delta CRL expires that a warning will appear |
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.
To modify warning options for a PKI
Open the Enterprise PKI snap-in.
In the console tree, right-click Enterprise PKI.
Click Options.
Review and modify the days or hours listed for the CA certificate, CRLs, and delta CRLs.
Click OK.
On the Action menu, click Refresh.