Last active
August 2, 2016 08:18
Microsoft AD CS Powershell
```powershell
# Remove all CDP extensions, then add the correct ones
$crllist = Get-CACrlDistributionPoint
foreach ($crl in $crllist) { Remove-CACrlDistributionPoint -Uri $crl.Uri -Force }
# Local path and file share: locations the CA publishes CRLs and delta CRLs to
Add-CACRLDistributionPoint -Uri 'C:\Windows\System32\CertSrv\CertEnroll\Customer-RootCA%8%9.crl' -PublishToServer -PublishDeltaToServer -Force
Add-CACRLDistributionPoint -Uri 'file://\\pki.contoso.local\pki\Customer-RootCA%8%9.crl' -PublishToServer -PublishDeltaToServer -Force
# HTTP URL: written into the CDP and Freshest CRL extensions of issued certificates
Add-CACRLDistributionPoint -Uri 'http://pki.contoso.local/pki/Customer-RootCA%8%9.crl' -AddToCertificateCDP -AddToFreshestCrl -Force

# Remove all AIA extensions except the default one for C:\Windows\system32\CertSrv\CertEnroll
$aialist = Get-CAAuthorityInformationAccess
foreach ($aia in $aialist) { if ($aia.Uri -notlike 'C:\Windows\system32\CertSrv\CertEnroll\*') { Remove-CAAuthorityInformationAccess -Uri $aia.Uri -Force } }
Add-CAAuthorityInformationAccess -Uri 'http://pki.contoso.local/pki/Customer-RootCA%4.crt' -AddToCertificateAia -Force
Add-CAAuthorityInformationAccess -Uri 'http://pki.contoso.local/ocsp' -AddToCertificateOcsp -Force
# Restart the CertSvc service afterwards so the new extensions take effect
```
When hosting the share with the CRLs/CRTs on the AD CS server itself and under an alias like pki.corp.contoso.com, the server itself can't publish the revocation lists because of a loopback problem.
Fix: https://support.microsoft.com/en-us/kb/896861
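
One way to apply the host-name method from that KB article, as an added example that is not part of the gist or the comment. It assumes the alias is the host name used in the gist's `file://` CDP URI and that the share is named `pki`; `$alias`, `$share` and the other variable names are illustrative.

```powershell
# Added example: register the CDP alias in BackConnectionHostNames so the CA
# server can authenticate to its own share through that name.
# Assumption: alias and share taken from the gist's file:// CDP URI.
$alias   = 'pki.contoso.local'
$share   = "\\$alias\pki"
$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$valName = 'BackConnectionHostNames'

# Read the existing multi-string value (empty list if it does not exist yet).
$existing = Get-ItemProperty -Path $lsaKey -Name $valName -ErrorAction SilentlyContinue
$current  = @($existing.$valName) | Where-Object { $_ }

if ($current -contains $alias) {
    Write-Output "$alias is already listed in $valName."
} else {
    # Append instead of overwriting, so names added for other services survive.
    [string[]]$updated = @($current) + $alias
    New-ItemProperty -Path $lsaKey -Name $valName -PropertyType MultiString `
        -Value $updated -Force | Out-Null
    Write-Output "Added $alias to $valName. Restart the server before testing."
}

# After the restart: confirm the share is reachable through the alias,
# then have the CA publish a fresh CRL to every configured location.
if (Test-Path -Path $share) {
    certutil -crl
    Get-ChildItem -Path $share -Filter '*.crl' |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 5 Name, LastWriteTime
} else {
    Write-Warning "$share is not reachable from this server through the alias."
}
```

Listing only the alias keeps the loopback check, which guards against NTLM reflection, active for every other name; the KB's other method, `DisableLoopbackCheck`, turns it off for the whole server.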