CA config Problem

  • Question

  • Hi guys,

    Never seen this before and I cannot find where it is coming from. Stood up a CA with the following script:

    $crllist = Get-CACrlDistributionPoint; foreach ($crl in $crllist) {Remove-CACrlDistributionPoint $crl.uri -Force};
    Add-CACRLDistributionPoint -Uri C:\Windows\System32\CertSrv\CertEnroll\%3%8%9.crl -PublishToServer -PublishDeltaToServer -Force
    Add-CACRLDistributionPoint -Uri http://pki.company.local/pki/%3%8%9.crl> -AddToCertificateCDP -Force
    Add-CACRLDistributionPoint -Uri file://\\cctcca.company.local\pki\%3%8%9.crl -PublishToServer -PublishDeltaToServer -Force
    $aialist = Get-CAAuthorityInformationAccess; foreach ($aia in $aialist) {Remove-CAAuthorityInformationAccess $aia.uri -Force};
    Add-CAAuthorityInformationAccess -AddToCertificateAia http://pki.company.local/pki/%1_%3%4.crt -Force

    When I go to the Enterprise PKI snap-in, it is failing to download the CDP Location #1. Unable to Download because:

    http://pki.company.com/pki/......crl%3E

    Where is the %3E coming from on the back end? I cannot find it anywhere in the config and I have searched the registry as well. Nowhere. How do I fix this?

    Monday, February 26, 2018 5:24 PM

Answers

  • Why is there a greater than symbol in that command?

    Add-CACRLDistributionPoint -Uri http://pki.company.local/pki/%3%8%9.crl > -AddToCertificateCDP

    • Marked as answer by Vegas577 Monday, February 26, 2018 8:15 PM
    Monday, February 26, 2018 6:44 PM
  • Add-CACRLDistributionPoint -Uri http://pki.company.local/pki/%3%8%9.crl> -AddToCertificateCDP -Force

    Look at the end of the file name. You have an extra angle bracket after the file extension. When encoding the URL as HTML, the bracket is converted to the "%3e" HTML code. When you fix it, you will have to reissue all certificates, if any, to fix them.


    Vadims Podāns, aka PowerShell CryptoGuy
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell File Checksum Integrity Verifier tool.

    • Marked as answer by Vegas577 Monday, February 26, 2018 8:15 PM
    Monday, February 26, 2018 6:48 PM
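
A pre-flight check for the mistake identified in the answers above, as an added example that is not part of the original posts: it scans CDP/AIA location strings for characters that end up percent-encoded in the published extension and shows what each one becomes. `Test-CaPublicationUri` is a hypothetical helper name, the sample strings are the three CDP locations from the question, and the leading/trailing whitespace check goes beyond the case in the thread.

```powershell
# Added example, not from the thread. Test-CaPublicationUri is a hypothetical helper.
function Test-CaPublicationUri {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Uri
    )
    process {
        $findings = @()
        # < > and " never belong in a CDP/AIA location. If one slips in, it is
        # stored with the URL and shows up percent-encoded when clients fetch it.
        foreach ($m in [regex]::Matches($Uri, '[<>"]')) {
            $findings += [pscustomobject]@{
                Uri       = $Uri
                Position  = $m.Index
                Character = $m.Value
                EncodedAs = [uri]::EscapeDataString($m.Value)   # '>' becomes %3E
            }
        }
        # Leading or trailing whitespace is usually a copy/paste slip as well.
        if ($Uri -ne $Uri.Trim()) {
            $findings += [pscustomobject]@{
                Uri       = $Uri
                Position  = -1
                Character = '(leading/trailing whitespace)'
                EncodedAs = 'n/a'
            }
        }
        $findings
    }
}

# Constructed sample input: the CDP locations from the question, as plain strings.
$sample = @(
    'C:\Windows\System32\CertSrv\CertEnroll\%3%8%9.crl',
    'http://pki.company.local/pki/%3%8%9.crl>',
    'file://\\cctcca.company.local\pki\%3%8%9.crl'
)
$sample | Test-CaPublicationUri | Format-Table -AutoSize

# On the CA itself, check what is currently configured
# (both cmdlets appear in the question's script):
# (Get-CACrlDistributionPoint).Uri       | Test-CaPublicationUri
# (Get-CAAuthorityInformationAccess).Uri | Test-CaPublicationUri
```

Only the second sample string produces a finding: the trailing `>` reported as `%3E`, matching the failed download URL in the question.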
