Configuring the Certification Distribution Point and Authority Information Access settings
Notes: Configure the Certification Distribution Point (CDP) and Authority Information Access (AIA) settings for the Certificate Revocation List (CRL).
- From Server Manager, click Tools > Certification Authority.
- From the left panel, right‑click the CA, and then click Properties > Extensions.
- In the Select extension menu, select CRL Distribution Point (CDP).
- In the certificate revocation list, select the C:\Windows\system32\ entry, and then do the following:
  - Select Publish CRLs to this location.
  - Clear Publish Delta CRLs to this location.
- Delete all other entries except for C:\Windows\system32\.
- Click Add.
- In the Location field, add http://serverIP/CertEnroll/<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl, where serverIP is the IP address of the server.
  Notes: If your server is reachable by using the FQDN, then use the <ServerDNSName> instead of the server IP address.
- Click OK.
- Select Include in the CDP extension of issued certificates for the created entry.
- In the Select extension menu, select Authority Information Access (AIA).
- Delete all other entries except for C:\Windows\system32\.
- Click Add.
- In the Location field, add http://serverIP/CertEnroll/<ServerDNSName>_<CAName><CertificateName>.crt, where serverIP is the IP address of the server.
  Notes: If your server is reachable by using the FQDN, then use the <ServerDNSName> instead of the server IP address.
- Click OK.
- Select Include in the AIA extension of issued certificates for the created entry.
- Click Apply > OK.
Notes: If necessary, restart the certification service.
- From the left panel, expand the CA, right‑click Revoked Certificates, and then click Properties.
- Specify the value for CRL publication interval and for Publish Delta CRLs Publication interval, and then click Apply > OK.
- From the left panel, right‑click Revoked Certificates, click All Tasks, and then publish the New CRL.
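The following PowerShell check is an added example, not part of the original procedure or any vendor tooling. It decodes the numeric prefix the CA stores in front of each CDP and AIA location and reports where the entries differ from the steps above. The function names are hypothetical, the sample entries are constructed (192.0.2.10 is a placeholder address), and the flag values and local CertEnroll path are the Windows AD CS defaults rather than values taken from this page.

```powershell
# Added example, not vendor code. Each stored location is "<flags>:<url>";
# the flag bits below are the AD CS values behind the Extensions check boxes.
$CdpFlags = @{ 1 = 'PublishCRLs'; 2 = 'IncludeInCDP'; 4 = 'IncludeInCRLs'
               8 = 'IncludeInAllCRLs'; 64 = 'PublishDeltaCRLs'; 128 = 'IncludeInIDP' }
$AiaFlags = @{ 1 = 'PublishCert'; 2 = 'IncludeInAIA'; 32 = 'IncludeInOCSP' }

function ConvertFrom-CaUrlEntry {
    # Split "<flags>:<location>" and name every flag bit that is set.
    param([string[]]$Entry, [hashtable]$FlagMap)
    foreach ($e in $Entry) {
        if ($e -notmatch '^(\d+):(.+)$') { continue }
        $flags = [int]$Matches[1]; $location = $Matches[2]
        $set = @($FlagMap.Keys | Sort-Object |
                 Where-Object { $flags -band $_ } | ForEach-Object { $FlagMap[$_] })
        [pscustomobject]@{ Location = $location; Options = $set }
    }
}

function Test-CaUrlEntry {
    # List where the entries differ from the procedure: exactly one local path
    # and one http:// URL, the URL included in issued certificates, no delta CRL.
    param([string[]]$Entry, [hashtable]$FlagMap, [string]$Publish, [string]$Include)
    $parsed = @(ConvertFrom-CaUrlEntry $Entry $FlagMap)
    $http   = @($parsed | Where-Object { $_.Location -like 'http://*' })
    $local  = @($parsed | Where-Object { $_.Location -match '^[A-Za-z]:\\' })
    $other  = @($parsed | Where-Object { $_.Location -notmatch '^(http://|[A-Za-z]:\\)' })
    $findings = @()
    if ($http.Count -ne 1)  { $findings += "expected 1 http:// entry, found $($http.Count)" }
    if ($local.Count -ne 1) { $findings += "expected 1 local entry, found $($local.Count)" }
    foreach ($o in $other)  { $findings += "delete: $($o.Location)" }
    foreach ($h in $http) {
        if ($h.Options -notcontains $Include) { $findings += "$Include not set: $($h.Location)" }
    }
    foreach ($l in $local) {
        if ($Publish -and $l.Options -notcontains $Publish) { $findings += "$Publish not set: $($l.Location)" }
        if ($l.Options -contains 'PublishDeltaCRLs') { $findings += "delta CRL publishing still on: $($l.Location)" }
    }
    $findings
}

# Constructed samples in stored form: %1, %3, %4, %8, %9 stand for <ServerDNSName>,
# <CAName>, <CertificateName>, <CRLNameSuffix>, <DeltaCRLAllowed>. The CDP sample
# deliberately leaves delta publishing (64) on; the AIA sample follows the steps.
$cdp = '65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl',
       '2:http://192.0.2.10/CertEnroll/%3%8%9.crl'
$aia = '1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt',
       '2:http://192.0.2.10/CertEnroll/%1_%3%4.crt'
Test-CaUrlEntry $cdp $CdpFlags 'PublishCRLs' 'IncludeInCDP'
Test-CaUrlEntry $aia $AiaFlags '' 'IncludeInAIA'
```

On the CA itself, the live values can be read with `certutil -getreg CA\CRLPublicationURLs` and `certutil -getreg CA\CACertPublicationURLs` and passed to `Test-CaUrlEntry` in place of the samples.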