[How can I configure PKI in a lab on Windows Server 2016 - Part 5]

I understand how to request the cert and why.. my question was after requesting it.. it was there in cert auth under issued certificates but it wasn't installed on the server I requested from.

I know I can install cert manually.. I was just wondering why it says it installed but it really didn't..

BY THE WAY>>>>

Can you tell me HOW TO CHANGE THE DELTACRL LOCATION #2

from http://dc2k16entsubca.egmc.org/CertEnroll/DC2K16ENTSUBCA-CA+.crl

to http://pki.egmc.org/certentroll/DC2K16ENTSUBCA-CA+.crl

like yours... I have been trying for hours to change...\

all my other issues I have worked out … this is the only one I just cant find or figure out.. I have gone back over your pub's and nothing...……...HELP

 

[How can I configure PKI in a lab on Windows Server 2016 - Part 5]

Hello again,

  I do have one more question that I was never really sure about when I followed your guide.

certutil -f -dspublish "E:\dc2k16EntCA_DC2K16ENTCAROOT.crt" RootCA     ( ROOTCA ; Were we supposed to change that to the server name : dc2k16entCA (if so should it be FQDN) or leave it as ROOTCA  

certutil -f -dspublish "E:\DC2K16ENTCAROOT.crl" RootCA     ( ROOTCA ; same here:  Were we supposed to change that to the server name : dc2k16entSUBCA (if so should it be FQDN) or leave it as ROOTCA

your input would be most appreciated!!!!

[How can I configure PKI in a lab on Windows Server 2016 - Part 5]

Please disregard my previous post.. BUT in chapter 8 you show the way to verify all is well .  I am having no issues with auto enrollment..

but when I do the certutil -url c:\windows.cer, the OCSP shows verified, when I do the retrieve certs from AIA and CDP .. I get no urls… I cant seem to find anything to correct this that isn't very confusing??

Also maybe I am doing something wrong when request a cert thru the web browser.. https://dc2k16entsubca/certsrv  and fill out the form.. I go thru the steps and finally it tells me to install cert.. I do..

but when I look at mmc w/cert I don't see the cert .. but it is in the Cert Auth on the issuing Server.. Am I doing something wrong, or should I be doing something else.. (this server is not in autoenrollment) ..

[How can I configure PKI in a lab on Windows Server 2016 - Part 5]

I have been following your articles very closely.. I use an offline server, a issuing server, a web server...

I have done all the steps thru step 5 and when I use PKIView.msc the display shows me the my root has an error. the error is gthe cdp location #1 is unable to download.

I canty figure out why... below is the errored line. (HELP) I am going a bit crazy trying to figure out why?

ldap:///CN=DC2K16ENTCAROOT,CN=dc2k16EntCA,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=egmc,DC=org?certificateRevocationList?base?objectClass=cRLDistributionPoint

[How can I configure PKI in a lab on Windows Server 2016 - Part 5]

On ‎8‎/‎6‎/‎2019 at 5:25 AM, mniceguy81 said:

Thank you for your feedback and appreciate getting back to me. I did change the url and was just waiting for the OID as i was not sure.

After running the script it generated a lot of numbers 1.2.840.113556.1.8000.2554.xxxxx.xxx.xxxxx.xxxxx.xxxxxxxx.xxxxxxxx, Should i copy the whole numbers or just some of it?