"include in CDP" extension error - Reproducible error:

  • Thread starter Kristin L. Griffin
Hi Folks,

I have been messing around with the PKIView tool to figure out what makes it tick.

I understand that if I make changes to the AIA and CDP extensions in the Cert Auth Properties, I have to re-issue the CAExch cert because PKIView uses the data in that cert to show status of these locations.

However, I have found something else that makes PKIView show errors. And I don't understand it.

The error is reproducible.

It has to do with the "Include in the CDP extension of issued certificates" check box for http URL entries for the CDP extension area of the Cert Auth Properties.

In the help file it states that you "check this box if you want to use a URL as a CRL distribution point".

That's confusing. I thought that adding the URLs in the first place showed users where to get CRL and CA cert files. So why the need for this additional checkbox?

Anyway, I have 2 CDP entries. The registry shows them like this:

7:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10

4:http://%1/CertEnroll/%3%8%9.crl

Here is the reproducible error.

I highlight the HTTP URL and check the box to use the URL as a CRL distribution point, and then refresh PKIView.

I get an error: DeltaCRL Location #2 Unable to download.

This location is pointing to a file://BIGFIRMCA1.bigfirm.com/certenroll/bigfirm-CA1-CA(6)+.crl

If I right click on the error and choose COPY URL, and paste that in a browser, I get a file.

If I remove this check box the error goes away.

This does not happen if I check or uncheck this box corresponding to the LDAP URL.

Why on earth is the location pointing to a FILE url anyway? And what is the connection with this setting?

The certutil -verify urlfetch command output run on the newest CAExch cert is below too.

Many thanks!

Kristin

PS - I know the verify url.txt file shows a bunch of lines like this:

Wrong Issuer "Certificate (2)" Time: 0

I reissued the CA cert a bunch of times at one point to see what happened. I assume this is why I am seeing those lines.....

Microsoft Windows [Version 6.0.6001]

Copyright
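
Added example, not part of the original post: the two registry entries quoted above, decoded in Python. The number before the first colon is a bitmask with one bit per check box on the CA's Extensions tab, and the %N tokens are filled in by the CA; the token values used here are assumptions read off the file:// URL in the post.

```python
import re

# Numeric prefix of a CRLPublicationURLs entry: one bit per Extensions-tab check box.
CDP_FLAGS = {
    0x01: "Publish CRLs to this location",
    0x02: "Include in the CDP extension of issued certificates",
    0x04: "Include in CRLs. Clients use this to find Delta CRL locations",
    0x08: "Include in all CRLs",
    0x40: "Publish Delta CRLs to this location",
    0x80: "Include in the IDP extension of issued CRLs",
}

# The two entries quoted in the post.
LDAP_ENTRY = "7:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10"
HTTP_ENTRY = "4:http://%1/CertEnroll/%3%8%9.crl"

# Assumed token values, read off the file:// URL in the post:
# %1 server DNS name, %3 CA name, %8 CRL name suffix, %9 delta CRL marker.
SAMPLE = {1: "BIGFIRMCA1.bigfirm.com", 3: "bigfirm-CA1-CA", 8: "(6)", 9: "+"}

def parse_entry(entry):
    """Split 'flags:url-template' at the first colon into (int, template)."""
    prefix, sep, template = entry.partition(":")
    if not sep or not prefix.isdigit():
        raise ValueError(f"not a 'flags:url' entry: {entry!r}")
    return int(prefix), template

def flag_names(flags):
    """Return the check boxes that are ticked for this flag value."""
    names = [name for bit, name in CDP_FLAGS.items() if flags & bit]
    unknown = flags & ~sum(CDP_FLAGS)  # bits with no CDP check box
    if unknown:
        names.append(f"other bits 0x{unknown:02x}")
    return names

def set_flag(entry, bit, on):
    """Return the entry as the registry would hold it after ticking/clearing a box."""
    flags, template = parse_entry(entry)
    return f"{flags | bit if on else flags & ~bit}:{template}"

def expand(template, values):
    """Substitute %1..%11 tokens; tokens without a value are left as written."""
    return re.sub(r"%(1[01]|[1-9])",
                  lambda m: values.get(int(m.group(1)), m.group(0)), template)

if __name__ == "__main__":
    for entry in (LDAP_ENTRY, HTTP_ENTRY, set_flag(HTTP_ENTRY, 0x02, True)):
        flags, template = parse_entry(entry)
        print(flags, flag_names(flags), expand(template, SAMPLE), sep="\n  ")
```

Each URL carries its own flag value, so ticking "Include in the CDP extension of issued certificates" on the HTTP entry changes only that entry's prefix, from 4 to 6.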

 