How to Publish Root/Policy CAs in Active Directory

In order to get the Root and Policy CA’s CRT and CRL files published in Active Directory, you’ll need to run the following commands from a command line with elevated permissions. Make sure you either reference the directory in the file name or run the command from the directory where you have these files stored.

You should do this prior to setting up your Issuing CA, but it is not required if you manually add the CRT’s to the Issuing CA and have the CRL’s published in a location the Issuing CA can resolve.

certutil -dspublish -f "ROOTCA.crt" RootCA
certutil -dspublish -f "POLICYCA.crt" SubCA
certutil -dspublish -f "ROOTCA.crl"
certutil -dspublish -f "POLICYCA.crl"
gpupdate /force

No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s