Sidebar
nps:pki:aiacdp
AIA/CDP
Default values (AIA) (None AD member)
1:C:\Windows\System32\CertSvc\CertEnroll\%1_%3%4.crt 0:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11 0:http://%1/CertEnroll/%1_%3%4.crt 2:file://%1/CertEnroll/%1_%3%4.crt
Default values (CDP (CRL)) (None AD Member)
65:C:\Windows\System32\CertSvc\CertEnroll\%3%8%9.crl 8:ldap:///CN=%7%8,CN=CDP,CN=Public Key Services,CN=Services,%6%10 0:http://%1/CertEnroll/%3%8%9.crl 6:file://%1/CertEnroll/%3%8%9.crl
Default values (AIA) (AD member)
1:C:\Windows\System32\CertSvc\CertEnroll\%1_%3%4.crt 3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11 0:http://%1/CertEnroll/%1_%3%4.crt 2:file://%1/CertEnroll/%1_%3%4.crt
Default values (CDP (CRL)) (AD Member)
65:C:\Windows\System32\CertSvc\CertEnroll\%3%8%9.crl 79:ldap:///CN=%7%8,CN=CDP,CN=Public Key Services,CN=Services,%6%10 0:http://%1/CertEnroll/%3%8%9.crl 0:file://%1/CertEnroll/%3%8%9.crl
Settings used in AIA/CDP
| Variable | GUINAME | Name | Example |
| %1 | ? | ServerDNSName(FQDN) | |
| %2 | <ServerShortName> | ServerShortName (Netbios) | HostName |
| %3 | <CaName> | CA Name | CommonName |
| %4 | <CertificateName> | CertificateName | |
| %5 | Domain DN | DSDomainDN | |
| %6 | <ConfigurationContainer> | ConfigDN | DSConfigDN |
| %7 | <CATruncatedName> | CATruncatedName | CommonName? |
| %8 | <CRLNameSuffix> | CRLNameSuffix | |
| %9 | <DeltaCRLAllowed> | DeltaCRLAllowed | |
| %10 | <CDPObjectClass> | CDPObjectClass | |
| %11 | <CAObjectClass> | CAObjectClass | |
| ? | SYSTEM | C:\Windows\System32 | |
CRL Flags
| Bit | Value | Name | Explain |
| 0 | 1 | CSURL_SERVERPUBLISH | Publish CRLs to this location. (Write CRL as a file (or LDAP) to this location |
| 1 | 2 | CSURL_ADDTOCERTCDP | Include in the CDP extension of Issued certificates |
| 2 | 4 | CSURL_ADDTOFRESHESTCRL | Include in CRLs.Clients use this to find Delte CRL locations |
| 3 | 8 | CSURL_ADDTOCRLCDP | Include in all CRLs. Spescifies where to publish in the Active Directory when publishing manually. |
| 4 | 16 | CSURL_PUBLISHRETRY | |
| 5 | 32 | CSURL_ADDTOCERTOCSP | |
| 6 | 64 | CSURL_SERVERPUBLISHDELTA | Publish Delta CRLs to this location |
| 7 | 128 | CSURL_ADDTOIDP | Include in the IDP Extension of CRLs |
AIA Flags
| Bit | Value | Name | Explain |
| 0 | 1 | Config_CA_CACert_Publish_To | The CA publishes its signing certificate to this location. |
| 1 | 2 | Config_CA_AIA_Include_In_Cert | Include in AIA extension of certificates (Write this location into the AIA part of all certificates issued) |
| 5 | 32 | Config_CA_OCSP_Include | Include in the online certificate status protocol (OCSP) extension |
nps/pki/aiacdp.txt ยท Last modified: 2019/03/18 10:56 by admin
Page Tools
