Re: Offline Root CA and CDP/AIA paths
From: Brian Komar [MVP] (bkomar_at_nospam.identit.ca)
Date: 09/09/05
- Next message: Steven L Umbach: "Re: p Security GPO Setup"
- Previous message: Sam NetAdmin: "p Security GPO Setup"
- In reply to: Harkin: "Re: Offline Root CA and CDP/AIA paths"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 8 Sep 2005 17:52:19 -0500
<snip>
In article <11i0frc674fgad7@corp.supernews.com>,
nospam@dont.send.any.spam.here.gmail.com says...
> What I meant was in the actual LDAP string for the CDP config on the RootCA.
> The string looks like this:
>
> Ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>
>
> Since this machine is not part of the directory, do I leave the machine name
> out or do I leave it in and then publish it using the certutil -dspublish
> command? Little unclear on this one. Thanks.
>
>
Yes, you leave the name in, as the CDPs are, by default, stored in
containers based on the NetBIOS name of the CA computer
(servershortname) in the CDP container.
You can then publish the CRL using certutil -dspublish -f <Crlfilename.crl>
Brian
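
The procedure discussed in this thread, as an added example that is not part of the original messages: the LDAP CDP keeps the server short name token on the offline root, and the CRL file is then published from a domain-joined machine. Assumptions: the forest DN `DC=example,DC=com` and the file name `RootCA.crl` are placeholders, and the `%n` tokens and numeric URL flags are certutil's registry form of the template variables quoted above.

```powershell
# --- Step 1: on the offline root CA (workgroup machine, no directory access) ---

# Placeholder forest DN (assumption). The CA is not a domain member, so it must
# be told which configuration naming context <ConfigurationContainer> (%6)
# should expand to.
certutil -setreg CA\DSConfigDN "CN=Configuration,DC=example,DC=com"

# Registry tokens for the template variables in the question:
#   %7 = <CATruncatedName>   %8  = <CRLNameSuffix>   %2 = <ServerShortName>
#   %6 = <ConfigurationContainer>                    %10 = <CDPObjectClass>
#   %3 = <CAName>            %9  = <DeltaCRLAllowed>
# Numeric prefix on each URL is a sum of publication flags:
#   1 = CA writes the CRL to this location
#   2 = location is placed in the CDP extension of issued certificates
#   8 = location is placed in the CRL itself, which lets a manual directory
#       publish find the right container
# The LDAP entry uses 10 (2 + 8) and not 1, because the offline CA cannot
# write to the directory. CN=%2 stays in the path.
$cdp = @(
    "1:$($env:windir)\system32\CertSrv\CertEnroll\%3%8%9.crl",
    "10:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10"
) -join '\n'   # certutil reads the literal \n as the separator between entries

certutil -setreg CA\CRLPublicationURLs $cdp

# Restart the CA service so the new URLs take effect, then issue a fresh CRL.
Restart-Service certsvc
certutil -CRL

# --- Step 2: on a domain-joined machine, after copying the CRL across ---
# Run as an account with rights to write under CN=Public Key Services
# in the configuration partition.
certutil -dspublish -f .\RootCA.crl
```

Certificates and CRLs issued before the registry change keep their old CDP values, so check the extensions on a newly issued certificate with `certutil -dump` before relying on the LDAP path.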