About Bridge


  1. Within PKIView.msc I'm seeing an error for the Root CA -- CDP Location #1, set to LDAP. Everything else is reporting as healthy except for this. Is there a way to re-publish this, or what would be the best way to start determining where I went wrong with the setup?
  2. Thanks for the link, and the lab is definitely very useful and better than some other ones I've seen. I'll go through it some more. It seems like there's very little info on this specific aspect available on the internet regarding CAPolicy.inf. I'm probably overthinking it but don't want to get it wrong. In other examples like Brian Komar's book I see he adds more info under [certsrv_server] like "CRLPeriod", "CRLPeriodUnits", etc. and was wondering if there was a reason they were excluded on yours, if they are no longer needed or are set elsewhere, or if it's just due to it being a lab environment and those are the bare minimum settings needed for CAPolicy.inf. EDIT: Just so other people who have the same question know, I was able to find out that the only thing the CAPolicy is needed for is to overwrite the few parameters that otherwise can't be configured via PowerShell/GUI. So you're probably going to find a whole array of CAPolicy files that are all technically correct, production-quality, they just contain varying levels of detail, and it's actually better to set them using CERTUTIL instead of defining them in the CAPolicy.inf file.
  3. I'm going through the guide now and was wondering if the CAPolicy.inf for Part 5 (https://www.windows-noob.com/forums/topic/16256-how-can-i-configure-pki-in-a-lab-on-windows-server-2016-part-5/) is what is recommended/best-practice for a production environment? I plan on replacing the OID with one from IANA, and obviously replacing the rest of the URL to match our CPS, but is that all that is needed? Should anything else be added? I noticed on some Microsoft blogs/guides it has CRL and AIA info included in it, and various other settings. Just wondering if there's any other relevant information on this. Thank you!
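
The approach described in the EDIT of the second post above, applying the `CRLPeriod`-style settings with certutil after installation instead of through `[certsrv_server]` in CAPolicy.inf, shown as an added example that is not part of the original posts or the linked guide. The period values are constructed for illustration; the script is assumed to run elevated on the CA server itself.

```powershell
#Requires -RunAsAdministrator
# Added example: the period values below are constructed, not taken from the thread.

# Desired CRL publication settings (the same names [certsrv_server] accepts in CAPolicy.inf).
$desired = [ordered]@{
    CRLPeriod           = 'Weeks'   # constructed value
    CRLPeriodUnits      = 26        # constructed value
    CRLDeltaPeriod      = 'Days'    # constructed value
    CRLDeltaPeriodUnits = 0         # 0 disables delta CRLs
}

# AD CS keeps per-CA settings under Configuration\<CA name>; 'Active' names the installed CA.
$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName  = (Get-ItemProperty -Path $cfgRoot -Name Active).Active
$current = Get-ItemProperty -Path (Join-Path $cfgRoot $caName)

$changed = $false
foreach ($name in $desired.Keys) {
    $have = $current.$name
    $want = $desired[$name]
    if ("$have" -eq "$want") {
        Write-Host "OK     $name = $have"
        continue
    }
    Write-Host "DRIFT  $name : '$have' -> '$want'"
    # certutil -setreg writes the registry value the CA service reads at startup.
    & certutil.exe -setreg "CA\$name" $want | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certutil -setreg CA\$name failed ($LASTEXITCODE)" }
    $changed = $true
}

if ($changed) {
    # New periods take effect only after the service restarts; then issue a fresh CRL.
    Restart-Service -Name CertSvc
    & certutil.exe -crl
    if ($LASTEXITCODE -ne 0) { throw "certutil -crl failed ($LASTEXITCODE)" }
}

# Show the values the CA will actually use.
foreach ($name in $desired.Keys) { & certutil.exe -getreg "CA\$name" }
```

Running it a second time should report every setting as `OK` and skip the service restart, which makes it usable as a drift check as well as a one-time configuration step.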