Renew the CA Exchange Cert:

[Kristin Griffin]

Hi Folks. Still poking at the Enterrpise PKI tool to see if its useful.

I understand that the AIA and CRL locations status in this tool is the
reflection of what is in the last CA Exchange certificate. So if you make
changes, and test, things could be fine ,but PKIView will not show the
updated status until the CA Exchange Certificate is renewed. How can I
force this to happen? I understand it is stored in AD. There must be a
command to renew this cert....
Thanks,

Kristin

[Brian Komar (MVP)]

I typically have deleted the certificate from the machine store of the CA.
Brian
"Kristin Griffin" <kristin....@gmail.com> wrote in message
news:e26ujFkf...@TK2MSFTNGP05.phx.gbl...

[Kristin Griffin]

Brian, Thanks for the info. I looked in the Computer store on the CA and I
dont see this certificate. I have 4 certs in the machine personal store:

intended purposes are: OCSP Signing, Server Auth, Server Auth, and <All>.
None say they used the CA Exchange Template either.

I have figured out that I can also revoke that CA Exchange cert and a new
one will get issued, but it does not get put in the machine store either.
the CA Manager says it was issued, but i cant find it. Can you help here?

PKIView still shows the AIA and CDP and delta CRD locations as unable to
download. However, if I copy the URL and paste it into a browser it works
fine.

So, if the locations are pulled from the CA Exch cert, and the locations are
vertified as good, meaning I right click on the location in PKIView, and
click Copy URL, and then paste that in to a browser and get a file,why does
PKIView still show "unable to download"?
I must not be doing something right as far aas the CA Exch cert. how can I
find this cert and delete it?

Thanks!

"Brian Komar (MVP)" <brian.kom...@nospam.identit.ca> wrote in message
news:eMhSaQkf...@TK2MSFTNGP02.phx.gbl...

[NewBee]

Is caching involved somehow ?