Re: Eliminating the CDP in a Standalone Root CA

From: LFA (lfalbisu@yahoo.com)
Date: 06/04/02


From: lfalbisu@yahoo.com (LFA)
Date: 4 Jun 2002 07:51:48 -0700


"Eddy Koller [MS]" <ek107129@hotmail.com> wrote in message news:<3cfbee7a$1@news.microsoft.com>...
> You forgot to insert a new line as delimiter between the section head and
> the key.
> Thus, you should write:
>
> [CRLDistributionPoint]
> URL = \"\"
>
> instead of:
> [CRLDistributionPoint] URL = \"\"
>
> Please let me know if you have other issues.
>
> --
> Eddy Koller [MS]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples, if any, are subject to the terms specified
> at http://www.microsoft.com/info/cpyright.htm
>
> "LFA" <lfalbisu@yahoo.com> wrote in message
> news:232eea1.0206021721.49c2e198@posting.google.com...
> > I've got a Windows 2000 server that I'm configuring as a certificate
> > server. It's got SP2 and all of the available patches.
> >
> > My problem is that I can't seem to get rid of the CDP in my root CA
> > cert even when following instructions in KB article Q297528 which
> > mentions that the CRLDistributionPoint be stated as:
> >
> > [CRLDistributionPoint] URL = \"\"
> >
> > My CA Policy file is as follows:
> >
> > [Version]
> > Signature="$Windows NT$"
> >
> > [CAPolicy]
> > Policies=Legal Policy
> >
> > [Legal Policy]
> > OID=X.XX.XXX.X.XXXXXX.X.X.X.X
> > URL="http://xxxxxxxx.xxx.xxx/xxxxxx/policy/default.asp"
> >
> > [CRLDistributionPoint] URL = \"\"
> >
> > Is there anything else that needs to be done?
> >
> > Thanks in advance!
> >
> > L. Albisu

Eddy,

Thanks for the reply! I tried your suggestion plus a number of other
variations including:

[CRLDistributionPoint]
Empty = Yes

[CRLDistributionPoint]
Empty=Yes

[CRLDistributionPoint] URL = \"\"

[CRLDistributionPoint] URL=\"\"

[CRLDistributionPoint] URL = ""

[CRLDistributionPoint] URL=""

[CRLDistributionPoint] (just by itself)

[CRLDistributionPoints]

[CRLDistributionPoint]
URL = ""

[CRLDistributionPoint]
URL=""

[CRLDistributionPoint]
URL = \"\"

[CRLDistributionPoint]
URL=\"\"

I was grasping at straws so I tried moving this section up in the file
but it didn't work either.

I ended up entering a dummy URL and I'm good to go for now, but I need
to get this resolved since I'd really would like my root Cert to look
as it should. Also, I'm really curious as to what's the problem.

Any help you can provide would be greatly appreciated!

L. Albisu