Orbital
Hi All!!!
I'm currently implementing 2008 PKI using Brian Komar's excellent book, but
I've run into a few issues. These surfaced when trying to publish my root
and policy CA certs into my AD. On page 133, I'm running an amended piece of
code, with an excerpt below...
*********************
C:\PKI\USB>certutil -dspublish -f "Test Corporate Policy CA.crl"
ldap:///CN=Test Corporate Policy CA,CN=tb2008pki02,CN=CDP,CN=Public Key Services,CN=Services,DC=UnavailableConfigDN?certificateRevocationList?base?objectClass=cRLDistributionPoint?certificateRevocationList
ldap: 0xa: 0000202B: RefErr: DSID-031006E0, data 0, 1 access points
ref 1: 'unavailableconfigdn'
CertUtil: -dsPublish command FAILED: 0x8007202b (WIN32: 8235)
CertUtil: A referral was returned from the server.
*********************
Now, I see the problem here
'CN=Services,DC=UnavailableConfigDN?certificateRevocationList'. The question
is, how do I fix it? I've had a scout around and found the following
http://www.derkeiler.com/Newsgroups/micros...8/msg00047.html
In this article, Brian speaks of an incorrect %%6 value in [presumably] the
root CA post install script. But I don't see how I would change this in this
file? And to what value?
Brian's fix is to run the following command:
certutil -setreg ca\DSConfigDN CN=Configuration,DC=root,DC=example,DC=com
This is understood, [is the DC=root as it is above a fixed value, or is this
just an example of a possible domain name?] but would I then have to revoke
the currently issued cert, and then go through my setup on my policy box
again with the correct new ones?
I'm COMPLETELY new to PKI, so any help is greatly appreciated.
Many thanks in advance,
Orb.