A few years ago we installed certificate authority onto a widnows 2003 server (CAserver1). we created a self-signed root cert, and issued certs for internal services (https, WCF services, etc).
Fast forward to current time: we had a major server go belly up, and through a series of server shuffling, the CA was moved to a windows 2008r2 server (CAserver2) via CA’s backup / restore. This worked fine for a few days, but then things started breaking. It seems that the root cert and all issued certs under it have CAserver1 hard coded into the CRLs. We added CAserver1 to the list of places to publish the CRLs and that seemed to fix the immediate problem, but what we’d really like is to get this fixed for the long term.
Is there a way to change the CRLs on the root cert, or just remove them altogether?
Answer
We ended up just creating a new root cert that was more diligently set up.
Attribution
Source : Link , Question Author : Justin Killen , Answer Author : Justin Killen
