Jump to content


Bridge

Established Members
  • Posts

    3
  • Joined

  • Last visited

  • Days Won

    1

Bridge last won the day on July 23 2018

Bridge had the most liked content!

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Bridge's Achievements

Newbie

Newbie (1/14)

1

Reputation

  1. Within PKIView.msc I'm seeing an error for the Root CA -- CDP Location #1, set to LDAP. Everything else is reporting as healthy except for this. Is there a way to re-publish this, or what would be the best way to start determining where I went wrong with the setup?
  2. Bridge

    CAPolicy.inf ? Issuing CA

    Thanks for the link, and the lab is definitely very useful and better than some other ones I've seen. I'll go through it some more. It seems like there's very little info on this specific aspect available on the internet regarding CApolicy.inf. I'm probably overthinking it but don't want to get it wrong. In other examples like Brian Komars book I see he adds more info under [certsrv_server] like "CRLPeriod", "CRLPeriodUnits", etc. and was wondering if there was a reason they were excluded on yours, if they are no longer needed or are set elsewhere, or if it's just due to it being a lab environment and those are the bare minimum settings needed for CAPolicy.inf EDIT: Just so other people who have the same question, I was able to find out that the only thing the CApolicy is needed for is to overwrite the few parameters that otherwise can't be configured via Powershell/GUI. So you're probably going to find a whole array of CApolicy files that are all technically correct, production-quality, they just contain varying levels of detail, and it's actually better to set them using CERTUTIL instead of defining them in the CAPolicy.inf file.
  3. I'm going through the guide now and was wondering if the CAPolicy.inf for Part 5 (https://www.windows-noob.com/forums/topic/16256-how-can-i-configure-pki-in-a-lab-on-windows-server-2016-part-5/) is what is recommended/best-practice for a production environment? I plan on replacing the OID with one from IANA, and obviously replacing the rest of the URL to match our CPS, but is that all that is needed? Should anything else be added? I noticed on some Microsoft blogs/guides it has CRL and AIA info included in it, and various other settings. Just wondering if there's any other relevant information on this. Thank you!
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.