tenacious

I just checked again by copy/paste into notepad. The invisible characters are no longer there, so it looks like whatever you changed worked.

It was in Part 4. There are two sections: Step 3. Configure the AIA certutil -setreg CA\CACertPublicationURLs "1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt\n2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11\n2:http://pki.windows-noob.com/CertEnroll/%1_%3%4.crt" Step 4. Configure the CDP certutil -setreg CA\CRLPublicationURLs "1:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl\n10:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10\n2:http://pki.windows-noob.com/CertEnroll/%3%8%9.crl" I triple-clicked to select the text, then copy pasted into notepad so I could change the name of the .crt and .crl I've just copy-pasted into notepad again, and now I'm looking for it, I can recognise that the invisible characters are there. I'm using Firefox 68.0.1

Great guide! I initially had the 'CDP Location' and 'unable to download' issue. For me, it was the http entry CDP #2. One thing I did notice is the the path shown using pkiview ended with '.crl%EE%BE%FF' rather than just the '.crl' (I can't remember the exact hex numbers). I could get to the crt via http if I removed the percentage part. I looked in the registry on RootCA and the CDP #2 path was last entry in the value. I know that each line must end with a return (in the registry), but for this particular line, there was an extra invisible character included before the return. I removed it (but kept the return), then republished from root > issuingca and it started working Maybe this is due to cut-and-paste from the website? If anyone has a similar issue, check the registry of potentially affected machines for invisible characters. I was scratching my head and looking at other stuff, so I can't be sure that this was the cause, but the %EE%EF%FF didn't seem right. PS - this was on Server 2019