How to Publish Root/Policy CAs in Active Directory

In order to get the Root and Policy CA’s CRT and CRL files published in Active Directory, you’ll need to run the following commands from a command line with elevated permissions. Make sure you either reference the directory in the file name or run the command from the directory where you have these files stored.

You should do this prior to setting up your Issuing CA, but it is not required if you manually add the CRT’s to the Issuing CA and have the CRL’s published in a location the Issuing CA can resolve.


certutil -dspublish -f "ROOTCA.crt" RootCA
certutil -dspublish -f "POLICYCA.crt" SubCA
certutil -dspublish -f "ROOTCA.crl"
certutil -dspublish -f "POLICYCA.crl"
gpupdate /force

About Rebecca Harness

Rebecca Harness is a Business Information Security Officer (BISO) for a publicly-traded, global information solutions company. As BISO, she champions security initiatives and recommends strategies to mitigate risk, facilitating innovation and new product development. She’s also responsible for representing the business unit’s security program in client facing engagements, conferences, and industry forums. Prior to her current role, she was an influential cybersecurity leader for one of the world’s largest transportation providers, known for transforming information security efforts into well-orchestrated programs. There, she developed an innovative methodology for delivering key information security priorities as a service model, leading to quicker adoption enterprise-wide while significantly reducing operational costs. She also led and modernized their global, multi-brand PCI Assessment and other compliance initiatives. In the early 2000’s, Rebecca developed one of St. Louis' leading Managed Services Providers from a startup in a spare bedroom into a mature consulting company with 30+ employees and 150+ clients in the Greater St. Louis Area. Rebecca holds many certifications, including; ISACA Certified Information Systems Auditor (CISA); ISC2 Certified Information Systems Security Professional (CISSP); and GIAC Security Leadership Certified (GSLC). She’s also a proud alumni of Hastings College and a longtime member of the Society of American Magicians.

No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s