In this article I will walk you through the process of configuring a certification authority (CA) to publish its certificate revocation list (CRL) through an HTTP CRL distribution point (CDP).
This assumes a Windows Server with Active Directory Certificate Services (AD CS) already installed and configured.
Configure the CDP settings on the CA
- In Server Manager, go to Tools, open Certification Authority, and open the Properties of your CA. On the Extensions tab, click Add.
- In Location, type http://crl.<domain name>/crld/, for example http://crl.yourdomainname.com/crld/.
- In Variable name, click <CaName>, click Insert; click <CRLNameSuffix>, click Insert; click <DeltaCRLAllowed>, click Insert.
- In Location, type .crl at the end of the Location string and then click OK.
- Select both "Include in CRLs. Clients use this to find Delta CRL locations." and "Include in the CDP extension of issued certificates", then click Apply.
- Click No in the dialog box asking you to restart Active Directory Certificate Services; the restart can wait until the file share location has been added.
Configure the file share:
- Click Add again. In Location, enter the file server and share name. I am using a shared folder on the local server, so: C:\crldist.
- In Variable name, click <CaName>, click Insert; click <CRLNameSuffix>, click Insert; click <DeltaCRLAllowed>, click Insert.
- In Location, type .crl at the end of the Location string and then click OK.
- Select "Publish CRLs to this location" and "Publish Delta CRLs to this location", then click Apply. Click Yes in the dialog box asking you to restart the CA.
I have also deleted all other CDP points as my infrastructure will use HTTP access as my only CDP point.
Now you can close the CA console.
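The same configuration can be applied and checked from the command line, which is easier to repeat on a second CA or to audit later. The script below is an added example, not part of the original article; it uses the built-in certutil tool and assumes the HTTP alias crl.yourdomainname.com and the local folder C:\crldist from the steps above, and that the web site serving /crld/ from that folder is set up separately.

```powershell
# Added example, not part of the original article: the same two CDP entries
# configured from an elevated PowerShell prompt on the CA with certutil.
# Assumed values taken from the article: HTTP alias crl.yourdomainname.com
# and local publish folder C:\crldist. The web site that serves /crld/ from
# C:\crldist is assumed to be set up separately.

$HttpBase  = 'http://crl.yourdomainname.com/crld/'
$ShareBase = 'C:\crldist\'

# certutil stores each CDP entry in CA\CRLPublicationURLs as "<flags>:<url>".
# Flag bits (CSURL_* values) that correspond to the GUI check boxes:
#   1  = Publish CRLs to this location
#   2  = Include in the CDP extension of issued certificates
#   4  = Include in CRLs. Clients use this to find Delta CRL locations
#   64 = Publish Delta CRLs to this location
# Variable tokens: %3 = <CaName>, %8 = <CRLNameSuffix>, %9 = <DeltaCRLAllowed>
$HttpEntry  = "6:${HttpBase}%3%8%9.crl"     # 2 + 4: what clients will see
$ShareEntry = "65:${ShareBase}%3%8%9.crl"   # 1 + 64: where the CA writes files

if (-not (Test-Path $ShareBase)) {
    New-Item -ItemType Directory -Path $ShareBase | Out-Null
}

# -setreg replaces the whole multi-valued list, so the default LDAP and
# CertEnroll entries disappear too, which matches the article's decision to
# keep HTTP as the only CDP. certutil separates entries with a literal "\n".
certutil -setreg CA\CRLPublicationURLs "$HttpEntry\n$ShareEntry"

# Extension changes only take effect after the service restarts; then publish
# a base and delta CRL so the folder is populated right away.
Restart-Service CertSvc
certutil -crl

# Checks worth doing before relying on the new CDP:
# 1. The registry now holds exactly the two entries.
certutil -getreg CA\CRLPublicationURLs

# 2. The base CRL (the file without the "+" delta suffix) carries the HTTP
#    URL in its Freshest CRL extension, which is what the flag-4 setting adds.
$BaseCrl = Get-ChildItem -Path $ShareBase -Filter '*.crl' |
           Where-Object { $_.Name -notlike '*+.crl' } |
           Select-Object -First 1
certutil -dump $BaseCrl.FullName | Select-String -Pattern 'Freshest CRL', 'http://'

# 3. The file is reachable over plain HTTP. HTTP (not HTTPS) is the right
#    choice for a CDP: an HTTPS CDP would force clients to check revocation
#    of the web server certificate first, which can loop back to this CRL.
$Url = $HttpBase + $BaseCrl.Name
try {
    $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing
    "OK: $Url ($($resp.RawContentLength) bytes)"
} catch {
    "FAIL: $Url is not being served. Check the site binding and that IIS maps .crl to application/pkix-crl."
}
```

The third check is the one that catches most real-world problems: the CA happily writes CRL files into C:\crldist whether or not anything serves them, so verify from a client that can only reach the HTTP name (not the file share) that both the base CRL and the delta CRL (<CaName>+.crl) download, and that the DNS name crl.yourdomainname.com resolves from every network where issued certificates are used.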