
AD CS: Authority information access locations

This article applies to Windows Server 2008 R2. It addresses a specific issue identified by a Best Practices Analyzer scan. Use this procedure only on computers that have had the Active Directory Certificate Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic.

Operating System: Windows Server 2008 R2
Product/Feature: Active Directory Certificate Services
Severity: Warning
Category: Configuration

Issue
The certification authority (CA) isn't configured to include authority information access locations in the extensions of issued certificates. The authority information access extension provides the network location of the issuing CA's certificate.

Impact
Clients may not be able to locate the issuing CA's certificate to build a certificate chain, and certificate validation may fail.


Certificate validation is critical to a correctly functioning public key infrastructure (PKI). A certificate is valid only if a certification path leads from it to a trusted root certificate. To build that path, CryptoAPI retrieves the issuing CA's certificate by reading the authority information access extension of the issued certificate, which identifies the network location of the CA's certificate. If the extension doesn't include the location of the CA certificate, certificate validation can't be completed, and applications that require the certificate may fail.

Resolution
You can use the Certification Authority snap-in to configure the authority information access extension and specify the network location of the issuing CA's certificate. During CA installation, the default locations of the CA certificate are added to the authority information access extension settings, and the CA is configured to include the default locations in the extensions of all issued certificates. If the default locations aren't present or valid, use the following procedure to add valid locations and configure them to be included in issued certificates.
How to configure authority information access extension settings
1.    Open the Certification Authority snap-in.
2.    Right-click the CA, and then select Properties.
3.    Click the Extensions tab.
4.    In the Select extension list, select Authority Information Access.
5.    If the Specify locations list doesn't include a valid location for the CA certificate, click Add to open the Add Location dialog box.
6.    Type a valid location, and then click OK.
7.    Repeat the same for multiple locations.
8.    In the Specify locations list, click a location, and then select the Include in the Authority Information Access Extension of Issued Certificates check box.
9.    Click OK to save the changes.
10.    Restart Active Directory Certificate Services for the changes to take effect.
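
The same condition can be checked outside the snap-in. The following is an added example, not part of the original article: it assumes the snap-in's location list is stored in the CA's CACertPublicationURLs registry value as flags:location entries, and the host name pki.example.test and both sample lists are constructed.

```powershell
# Added example. Assumption (not in the article): the AIA list shown in the snap-in
# is stored in the CACertPublicationURLs registry value as "<flags>:<location>".
# Written in PowerShell 2.0 syntax so it runs on Windows Server 2008 R2.
$ADD_TO_AIA = 2   # bit set by the "include in the AIA extension" check box

function Get-AiaEntry {
    param([string[]]$RawEntries)
    foreach ($raw in $RawEntries) {
        if ($raw -notmatch '^(\d+):(.+)$') { continue }   # skip malformed entries
        $flags    = [int]$Matches[1]
        $location = $Matches[2]
        New-Object PSObject -Property @{
            Flags        = $flags
            Location     = $location
            IncludeInAia = [bool]($flags -band $ADD_TO_AIA)
            LocalPath    = [bool]($location -match '^[A-Za-z]:\\')
        }
    }
}

function Test-AiaConfiguration {
    param([string[]]$RawEntries)
    $included = @(Get-AiaEntry $RawEntries | Where-Object { $_.IncludeInAia })
    if ($included.Count -eq 0) {
        return 'WARNING: no location is included in the AIA extension of issued certificates'
    }
    # A drive-letter path on the CA is not a location a client can fetch from.
    $remote = @($included | Where-Object { -not $_.LocalPath })
    if ($remote.Count -eq 0) {
        return 'WARNING: only local file paths are included; clients cannot retrieve the CA certificate'
    }
    'OK: ' + (($remote | ForEach-Object { $_.Location }) -join ', ')
}

# Constructed sample: check box cleared on every network location (the finding above)
$broken = @('1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt',
            '0:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11',
            '0:http://pki.example.test/CertEnroll/%1_%3%4.crt')
# Constructed sample: the same locations after selecting the check box
$fixed  = @('1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt',
            '3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11',
            '2:http://pki.example.test/CertEnroll/%1_%3%4.crt')
Test-AiaConfiguration $broken
Test-AiaConfiguration $fixed

# On the CA itself, read the live value instead of a sample:
# $cfg = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
# $ca  = (Get-ItemProperty $cfg).Active
# Test-AiaConfiguration (Get-ItemProperty "$cfg\$ca").CACertPublicationURLs
```

Certificates issued before the change keep the extension they were issued with, so the check reflects only what newly issued certificates will contain.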
