Now we need to create a DNS record for our new HTTP CDP point.
Log in to your Domain Controller, go to Server Manager, Tools and DNS Management:
Right-click your Forward Lookup Zone and choose New Host (A or AAAA).
Use crl as the name and the Certificate Authority's IP address, so all requests to http://crl.yourdomain.com will go to your CA.
Now you can close DNS management and go back to your CA server.
Log in to your CA, go to Server Manager, Tools and Internet Information Services (IIS) Manager.
Right-click Default Web Site and pick Add Virtual Directory.
Type CRLD as the Alias, then click on …, go to the C:\ drive and create the folder CRLDist. Confirm Add Virtual Directory by clicking OK.
Click on the newly created Virtual Directory CRLD and choose Directory Browsing.
Enable the feature on the right side via Actions.
Go back and open Configuration Editor (at the bottom).
Go to system.webServer/security/requestFiltering, change allowDoubleEscaping from False to True and hit Apply.
You can now close IIS manager.
Go to This PC, the C:\ drive, and open the properties of the CRLDist folder. Click on Advanced Sharing, check Share this folder, use CRLDist$ as the Share name and click on Permissions.
In the Permissions tab, click Add (in Object types, check Computers), add your CA computer account and grant it Full control.
Go back to the Security tab and grant the CA server computer account Full control. Confirm with OK.
Now go back to the Certificate Authority console, right-click Revoked Certificates, then All Tasks, Publish.
Choose New CRL and hit OK.
Now go to your CRLDist folder and you should see the following:
To test the HTTP CDP point, open Internet Explorer and type the following URL:
and you should be able to download your CRL, if everything is configured properly:
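The same steps can be scripted. The following PowerShell is an added example, not part of the original walkthrough, meant for an elevated session on the CA with the DnsServer RSAT module available. The IP address, server name and computer account are placeholders, and the download URL is assembled from the crl host name and CRLD alias used above; it also assumes the CA's CDP extension already publishes to C:\CRLDist.

```powershell
# Added example: scripted equivalent of the GUI steps. Placeholder values are marked.
$Zone   = 'yourdomain.com'      # DNS zone used in the walkthrough
$CaIp   = '192.0.2.10'          # placeholder: IP address of your CA
$DcName = 'DC01'                # placeholder: your Domain Controller
$CaAcct = 'YOURDOMAIN\CA01$'    # placeholder: CA computer account
$Path   = 'C:\CRLDist'
$Site   = 'Default Web Site'

# 1. DNS A record "crl" pointing at the CA
Add-DnsServerResourceRecordA -ComputerName $DcName -ZoneName $Zone `
    -Name 'crl' -IPv4Address $CaIp

# 2. Folder and IIS virtual directory CRLD
New-Item -ItemType Directory -Path $Path -Force | Out-Null
Import-Module WebAdministration
New-WebVirtualDirectory -Site $Site -Name 'CRLD' -PhysicalPath $Path

# 3. Directory browsing and allowDoubleEscaping, scoped to CRLD only so the
#    relaxed request filtering does not apply to the rest of the site.
#    (Delta CRL file names contain "+", which IIS rejects by default.)
$loc = "$Site/CRLD"
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $loc `
    -Filter 'system.webServer/directoryBrowse' -Name 'enabled' -Value $true
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $loc `
    -Filter 'system.webServer/security/requestFiltering' `
    -Name 'allowDoubleEscaping' -Value $true

# 4. Hidden share CRLDist$ and NTFS rights for the CA computer account
New-SmbShare -Name 'CRLDist$' -Path $Path -FullAccess $CaAcct
icacls $Path /grant "${CaAcct}:(OI)(CI)F"

# 5. Publish a new CRL and confirm the files landed in the folder
certutil -CRL
$crls = Get-ChildItem -Path $Path -Filter '*.crl'
$crls | Select-Object Name, Length, LastWriteTime

# 6. Test the HTTP CDP: every published CRL should download with HTTP 200
foreach ($crl in $crls) {
    $url = "http://crl.$Zone/CRLD/$($crl.Name)"
    try {
        $r = Invoke-WebRequest -Uri $url -UseBasicParsing
        '{0} -> HTTP {1}, {2} bytes' -f $url, $r.StatusCode, $r.RawContentLength
    } catch {
        Write-Warning "$url failed: $($_.Exception.Message)"
    }
}
```

A failure in step 6 only for file names containing "+" points at allowDoubleEscaping not being applied to the CRLD location.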