LDAP distribution point

We have a 3rd party VPN box that needs to retrieve CRLs from an LDAP
distribution point. I have not been able to retrieve the CRLs and
suspect the following issue. The CA was originally set up with a
relative LDAP path and an http: URL location. The VPN server does not
support http CRL retrieval. It will support LDAP with bind credentials,
however.

We have a Windows Server 2003 offline root CA, and an online issuing
(Enterprise) CA.
CRL order:
- default
- LDAP
- http:

My question is this: I expect I need to change the LDAP URL to an
absolute path? And if so, do I have to renew the CA's certificate
immediately after with a new key, or can I use the existing key?

Would it be possible to add a second LDAP url, or will that make
things more complicated?

Additionally, would I have to make any modifications to the AIA ldap
URL?

pkiview.msc is reporting all distribution points as OK

Appreciate any input,

Thank you,

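To make the relative-versus-absolute distinction in the question concrete, here is an added example (not code from the thread or from any vendor) that parses the CDP URLs a Windows CA writes into certificates and reports which ones a given client can actually fetch from. The relative form `ldap:///...` names no server, so only a domain-joined Windows client can resolve it; a third-party appliance needs a host in the URL. All hostnames, CA names and the client profiles are constructed assumptions.

```python
"""Added example (not from the thread): classify CDP URLs by whether a client can fetch them."""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, unquote

@dataclass
class CdpUrl:
    scheme: str
    host: Optional[str]  # None for a relative LDAP URL (ldap:///...)
    dn: str              # DN of the cRLDistributionPoint object (path for http)
    attribute: str       # LDAP attribute that holds the CRL
    scope: str

def parse_cdp_url(url: str) -> CdpUrl:
    """Split an http URL or an RFC 4516 LDAP URL (ldap://host/dn?attrs?scope?filter)."""
    p = urlsplit(url)
    if p.scheme == "http":
        return CdpUrl("http", p.hostname, unquote(p.path), "", "")
    if p.scheme != "ldap":
        raise ValueError(f"unsupported CDP scheme: {p.scheme}")
    attrs, scope = (p.query.split("?") + ["", ""])[:2]
    return CdpUrl("ldap", p.hostname or None, unquote(p.path.lstrip("/")),
                  unquote(attrs), scope or "base")

def retrievable_by(url: str, client: dict) -> tuple:
    """(ok, reason) for a client profile {"http": bool, "ldap": bool, "ad_member": bool}."""
    cdp = parse_cdp_url(url)
    if cdp.scheme == "http":
        return (client["http"], "http fetch" if client["http"] else "client has no http CRL retrieval")
    if not client["ldap"]:
        return False, "client has no LDAP CRL retrieval"
    if cdp.host is None and not client["ad_member"]:
        # ldap:/// names no server; only an AD-joined Windows client locates a DC for it.
        return False, "relative LDAP URL names no host; a non-domain client cannot resolve it"
    if cdp.attribute.lower() != "certificaterevocationlist":
        return False, f"URL selects {cdp.attribute!r}, not certificateRevocationList"
    return True, f"{cdp.scope} search of {cdp.dn} on {cdp.host or 'a domain controller'}"

def first_retrievable(urls, client) -> Optional[str]:
    """Walk the CDP list in the CA's publication order, as a client would."""
    return next((u for u in urls if retrievable_by(u, client)[0]), None)

# Constructed sample: the relative LDAP and http URLs a default CA setup writes, plus an absolute form.
RELATIVE_LDAP = ("ldap:///CN=Example%20Issuing%20CA,CN=ca1,CN=CDP,CN=Public%20Key%20Services,"
                 "CN=Services,CN=Configuration,DC=example,DC=com"
                 "?certificateRevocationList?base?objectClass=cRLDistributionPoint")
ABSOLUTE_LDAP = RELATIVE_LDAP.replace("ldap:///", "ldap://dc1.example.com/")
HTTP_CDP = "http://pki.example.com/CertEnroll/Example%20Issuing%20CA.crl"
VPN_APPLIANCE = {"http": False, "ldap": True, "ad_member": False}
DOMAIN_MEMBER = {"http": True, "ldap": True, "ad_member": True}
```

Running `first_retrievable([RELATIVE_LDAP, HTTP_CDP], VPN_APPLIANCE)` returns `None`, which is the situation described in the question; adding `ABSOLUTE_LDAP` to the list gives the appliance a URL it can use without touching what the domain-joined clients already resolve.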