Configuring the Certification Distribution Point and Authority Information Access settings

Configure the Certification Distribution Point (CDP) and Authority Information Access (AIA) settings for Certificate Revocation List (CRL).

From Server Manager, click

Tools

Certification Authority

From the left panel, right‑click the CA, and then click

Properties

Extensions

In the Select extension menu, select

CRL Distribution Point (CDP)

In the certificate revocation list, select the

C:\Windows\system32\

entry, and then do the following:

Select

Publish CRLs to this location

Clear

Publish Delta CRLs to this location

Delete all other entries except for C:\Windows\system32\
.

Click

Add

In the Location field, add

http://serverIP
/CertEnroll/<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl

, where

serverIP

is the IP address of the server.

If your server is reachable by using the FQDN, then use the <ServerDNSName>
instead of the server IP address.

Click

Select

Include in the CDP extension of issued certificates

for the created entry.

In the Select extension menu, select

Authority Information Access (AIA)

Delete all other entries except for C:\Windows\system32\
.

Click

Add

In the Location field, add

http://serverIP
/CertEnroll/<ServerDNSName>_<CAName><CertificateName>.crt

, where

serverIP

is the IP address of the server.

If your server is reachable by using the FQDN, then use the <ServerDNSName>
instead of the server IP address.

Click

Select

Include in the AIA extension of issued certificates

for the created entry.

Click

Apply

If necessary, restart the certification service.

From the left panel, expand the CA, right‑click

Revoked Certificates

, and then click

Properties

Specify the value for CRL publication interval and for Publish Delta CRLs Publication interval, and then click

Apply

From the left panel, right‑click

Revoked Certificates

, click

All Tasks

, and then publish the New CRL.