1. Login to offline RootCA and create a new crl file:
certutil –crl
2. Copy CRL file from C:\Windows\System32\Certsrv\CertEnroll\ to a USB
3. on Issuing servers upload crl file to C:\inetpub\wwwroot\pki and other locations that CRL should be uploaded to like share or AD.
Publish in AD with: certutil –dspublish -f C:\CRKRoot.crl
No comments:
Post a Comment