Default values (AIA) (None AD member)
1:C:\Windows\System32\CertSvc\CertEnroll\%1_%3%4.crt 0:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11 0:http://%1/CertEnroll/%1_%3%4.crt 2:file://%1/CertEnroll/%1_%3%4.crt
Default values (CDP (CRL)) (None AD Member)
65:C:\Windows\System32\CertSvc\CertEnroll\%3%8%9.crl 8:ldap:///CN=%7%8,CN=CDP,CN=Public Key Services,CN=Services,%6%10 0:http://%1/CertEnroll/%3%8%9.crl 6:file://%1/CertEnroll/%3%8%9.crl
Default values (AIA) (AD member)
1:C:\Windows\System32\CertSvc\CertEnroll\%1_%3%4.crt 3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11 0:http://%1/CertEnroll/%1_%3%4.crt 2:file://%1/CertEnroll/%1_%3%4.crt
Default values (CDP (CRL)) (AD Member)
65:C:\Windows\System32\CertSvc\CertEnroll\%3%8%9.crl 79:ldap:///CN=%7%8,CN=CDP,CN=Public Key Services,CN=Services,%6%10 0:http://%1/CertEnroll/%3%8%9.crl 0:file://%1/CertEnroll/%3%8%9.crl
Settings used in AIA/CDP
Variable | GUINAME | Name | Example |
%1 | ? | ServerDNSName(FQDN) | |
%2 | <ServerShortName> | ServerShortName (Netbios) | HostName |
%3 | <CaName> | CA Name | CommonName |
%4 | <CertificateName> | CertificateName | |
%5 | Domain DN | DSDomainDN | |
%6 | <ConfigurationContainer> | ConfigDN | DSConfigDN |
%7 | <CATruncatedName> | CATruncatedName | CommonName? |
%8 | <CRLNameSuffix> | CRLNameSuffix | |
%9 | <DeltaCRLAllowed> | DeltaCRLAllowed | |
%10 | <CDPObjectClass> | CDPObjectClass | |
%11 | <CAObjectClass> | CAObjectClass | |
? | SYSTEM | C:\Windows\System32 |
CRL Flags
Bit | Value | Name | Explain |
0 | 1 | CSURL_SERVERPUBLISH | Publish CRLs to this location. (Write CRL as a file (or LDAP) to this location |
1 | 2 | CSURL_ADDTOCERTCDP | Include in the CDP extension of Issued certificates |
2 | 4 | CSURL_ADDTOFRESHESTCRL | Include in CRLs.Clients use this to find Delte CRL locations |
3 | 8 | CSURL_ADDTOCRLCDP | Include in all CRLs. Spescifies where to publish in the Active Directory when publishing manually. |
4 | 16 | CSURL_PUBLISHRETRY | |
5 | 32 | CSURL_ADDTOCERTOCSP | |
6 | 64 | CSURL_SERVERPUBLISHDELTA | Publish Delta CRLs to this location |
7 | 128 | CSURL_ADDTOIDP | Include in the IDP Extension of CRLs |
AIA Flags
Bit | Value | Name | Explain |
0 | 1 | Config_CA_CACert_Publish_To | The CA publishes its signing certificate to this location. |
1 | 2 | Config_CA_AIA_Include_In_Cert | Include in AIA extension of certificates (Write this location into the AIA part of all certificates issued) |
5 | 32 | Config_CA_OCSP_Include | Include in the online certificate status protocol (OCSP) extension |