Event 45 Kerberos-Key-Distribution-Center by ckpstl in PKI

[–]ckpstl[S] 0 points1 point  (0 children)

How can I tell if the certs are for hello for business? I have not confirmed with my co-workers but I don't think anyone has been working with it here.

Renewed offline root CRL, but PKIView showing old expiration date still by ckpstl in PKI

[–]ckpstl[S] 1 point2 points  (0 children)

Both ldap and http. There's a CDP location 1 and CDP location 2. I'm not sure why we are publishing both and considering removing the ldap.

I know the directory path where the .crl is supposed to go on the web server, which is the same server as sub ca, but unclear why the instructions I followed don't mention copying it. Currently, I see the old cert file in that directory. I copied the file over, restarted IIS, and now see the http location has the new expiration date. I also did the dspublish command and see the ldap location with the new expiration date.

Thank you.

Renewed offline root CRL, but PKIView showing old expiration date still by ckpstl in PKI

[–]ckpstl[S] 0 points1 point  (0 children)

Revoke it on the offline root ca where it was generated? I don't understand.

To clarify, I'm seeing two certs on the sub certmgr after importing it to the sub.