Skip to main content

AD CS: Authority information access locations

This is article is applicable to Windows Server 2008 R2. This article will be very helpful in order to address a specific issue identified by a Best Practices Analyzer scan. The main thing to remember is that you can use this procedure only on the computers that have the Active Directory Certificate Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic.

Operating SystemWindows Server 2008 R2
Product/FeatureActive Directory Certificate Services

The other thing to remember is that the Certification Authority isn’t configured to comprise the authority information access locations in the extension of issued certificates. Moreover, the authority information access extension provides the network location of the issuing CA’s certificate.

Clients may not be able to locate the issuing CA's certificate to build a certificate chain, and certificate validation may fail.

Certificate validation is critical to a correctly functioning public key infrastructure (PKI). For a valid certificate, a certification path that leads to a trusted root certificate is required. In order to build a certification path, the issuing CA’s certificate is retrieved by CryptoAPI, which reads the authority information access extension of issued certificates to identify the network location of the CA's certificate. Remember that if the extension doesn’t include the location of the CA certificate, the certificate validation can’t be completed. Moreover, the applications that require the certificate may fail.
You can use the Certification Authority snap-in to configure the authority information access extension and specify the network location of the issuing CA’s certificate. During the CA installation, the default locations of the CA certificate will be added to the authority information access extension settings. Moreover, the CA is configured to include the default locations in the extensions of all issued certificates. You can use the following procedure to add the valid locations and configure them to be included in issued certificates when the default locations aren’t present or valid.
How to configure authority information access extension settings?
1.    Open the Certification Authority snap-in.
2.    First, it is required to open the Certification Authority snap-in.
3.    Then, it is required to right click the CA and then select Properties.
4.    After that, click the Extension tab.
5.    Now, in the Select Extension tab, select Authority Information Access.
6.    If you find that the Specify locations list doesn’t include a valid location for the CA certificate, click Add to open the Add Location dialog box.
7.    After that, type a valid location and click OK.
8.    Repeat the same for multiple locations.
9.    Then, in the Specify Locations list, it is required to click a location and then select the Include in the Authority Information Access Extension of Issued Certificates check box.
10.    Now, click OK to save changes.
11.    The Active Directory Certificate Services must be restarted for the changes to take the effect.

B  y

Popular posts from this blog

New Micro battery, power packed for high performance

For a size of a few millimetres, the new micro-batteries are powerful enough to jump start a car battery and then quickly charge the cell phone. Researchers from the University of Illinois have developed the micro batteries which can be used to drive compact electronic devices and new applications for radio communications. The micro batteries are so good that they can even out power the super capacitors. The results were published in ‘Nature Communications’ in the April 16 issue. The micro batteries have energy and power and with the researchers tweaking the structure of the micro batteries a little bit, its use can be for wide range applications. The high performance of the micro battery is based on its 3-dimensional micro-structure. Based on the design of fast charging cathode by Professor Paul Braun’s group, researchers developed the matching anode and integrated it with the fast charging cathode at a micro-scale and made a complete battery with high performance. These batteries cou

HTC Touch Diamond SmartPhone!

The phones design is an innovative in which the user has the geometric form language to make sure a clutter-free environment for screening content. The San Francisco based studio One & Co collaborated with HTC Taiwan Design team to create Diamond HTC smartphone. The HTC phone is quite wonderful with design and the rapid development in the smartphone market the HTC has taken innovative steps to capture the SmartPhone market HTC develops these kind of new inventive designs. Inspired

Google Health Login Page is Ready!

Google's Marissa Mayer announced that the Google Health will be launched on 2008. The service of the Google Health Login Page is ready. It's only the first intro page is displayed and I didn't get passed to the next page. In the same page y0u can see the information displaying on the Google Health. If you point your mouse on the below link you can visit the Google Health Page With Google Health, you can: * Build online health profiles that belong to you * Download medical records from doctors and pharmacies * Get personalized health guidance and relevant news * Find qualified doctors and connect to time-saving services * Share selected information with family or caregivers This will be a nice development about caring health and this will helps in having some cautious about health. Inspired