Re: PkiView.msc - where does it get its info?



In article <u96jtfAcHHA.1388@xxxxxxxxxxxxxxxxxxxx>,
jwdaigle@xxxxxxxxxxxxx says...

"Brian Komar [MVP]" <bkomar@xxxxxxxxxxxxxxxxx> wrote in message
news:MPG.20717c242b53b31a9896ce@xxxxxxxxxxxxxxxxxxxxxxx
In article <eNP8ew5bHHA.264@xxxxxxxxxxxxxxxxxxxx>,
jwdaigle@xxxxxxxxxxxxx says...
I have an Online issuing CA in a server 2003 R2 AD environment. When I
first brought the CA up, I mistyped the AIA & CDP extensions. I typed
http::// (note the double ::). I have now seen the error of my ways, so
went to the CA administration applet, and corrected it.

However, PKIView is not seeing the updates on that same server.

Do I need to somehow republish or reissue the certificate and/or CRL now
that the correct AIA & CDP URLs are specified?

Thank you for any information,

Joe



If I remember correctly, the PKIView information is
being taken from the latest CA exchange certificate
(validity period is 1 week) issued by the CA.
If you delete the certificate out of the CA's local
machine store, you should request a new one, with the
correct information.

Brian

Ah, I see. I have been driving myself crazy trying to figure out how to fix
my typing mistake. I would change it, wait for AD to update, and then check
pkiview - still the same.

But now I notice that all issued certificates have the incorrect AIA & CDP
in them (with the double ::). I have 40 workstation authentication
certificates that are "wrong". And they dont expire for a year :-(. Is
there a way that I can change their expiration date? Maybe I could update
the Workstation Authentication template to have them expire in a day or
something? Would that work?

As far as PKIView, not a big deal, I just checked and the CA Exchange cert
expires tomorrow, which, if your memory is correct, should fix the PKIView
issue.

Thank you very much for your help,

Joe


Unfortunately, you are going to have to get to the systems and replace
the certificates. One easy way, if you are using autoenrollment, is to
create a new certificate template that supersedes the Workstation
Authentication certificate and enables autoenrollment.
This will cause the workstations to re-enroll and replace the previous
(read as bad) certificates.
Brian
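
To confirm on a given workstation whether the re-enrollment described above has replaced the certificates carrying the mistyped `http:://` URLs, the following PowerShell sketch lists certificates in the local machine store whose CDP or AIA extension has a doubled colon in the URL scheme. It is an added example, not part of the original thread; the function name `Get-MalformedUrlCert` is hypothetical, and it assumes the English-locale `URL=` prefix in the formatted extension text.

```powershell
# Added example (not from the thread): find certificates whose CDP or AIA
# extension contains a URL with a doubled colon in the scheme, e.g. "http:://".
$cdpOid = '2.5.29.31'          # CRL Distribution Points
$aiaOid = '1.3.6.1.5.5.7.1.1'  # Authority Information Access

function Get-MalformedUrlCert {   # hypothetical helper name
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        foreach ($ext in $cert.Extensions) {
            # Only the two extensions discussed in the thread are inspected.
            if ($ext.Oid.Value -notin $cdpOid, $aiaOid) { continue }

            # Format($true) renders the extension as multi-line text in which
            # each location appears as "URL=<value>" (assumption: English locale).
            $text = $ext.Format($true)
            $urls = [regex]::Matches($text, 'URL=(\S+)') |
                ForEach-Object { $_.Groups[1].Value }

            foreach ($url in $urls) {
                # Scheme followed by two or more colons before "//".
                if ($url -match '^[a-z]+:{2,}//') {
                    [pscustomobject]@{
                        Subject    = $cert.Subject
                        Thumbprint = $cert.Thumbprint
                        NotAfter   = $cert.NotAfter
                        Extension  = if ($ext.Oid.Value -eq $cdpOid) { 'CDP' } else { 'AIA' }
                        Url        = $url
                    }
                }
            }
        }
    }
}

# An empty result means no certificate in the store still carries a bad URL.
Get-MalformedUrlCert | Format-Table -AutoSize
```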