Manually publishing a CA certificate or CRL into an LDAP store
Microsoft

First published on TECHNET on Apr 13, 2007

The CA automatically publishes its own certificates and related CRLs into Active Directory if an LDAP reference is configured in the CA property “Extensions”.

If you are using a different LDAP server (such as Microsoft ADAM) to make the CA certificate and CRL available, certificates and CRLs must be published manually. The easiest way to do that is with certutil.

Run the following command to publish the CRL manually into an LDAP store:

certutil -addstore "LDAP://[server]/[DN]?certificateRevocationList?base?objectclass=cRLDistributionPoint" [CRL-File]

Replace [server] with the name of the LDAP server where you have write permissions.
Replace [DN] with the path that you have used in the CA configuration.
Replace [CRL-File] with the file name of the CRL that you want to publish.

Here is the command to publish a CA certificate manually:

certutil -addstore "LDAP://[server]/[DN]?cACertificate?base?objectClass=certificationAuthority" [cert-file]

To manually publish a CA certificate or CRL into Active Directory, you should still use certutil -dspublish instead of certutil -addstore.
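
As an added example (not part of the original post), the PowerShell function below wraps the two certutil -addstore commands for a non-AD LDAP server and then reads the attribute back from that server to confirm the stored value matches the file. The function name, server name, DN and file name are hypothetical placeholders, and the file is assumed to be DER-encoded.

```powershell
# Added example: publish with certutil -addstore, then verify the directory copy.
# Publish-PkiObject and all sample values are hypothetical; file assumed DER-encoded.
function Publish-PkiObject {
    param(
        [Parameter(Mandatory)][string]$Server,  # LDAP server where you have write permissions
        [Parameter(Mandatory)][string]$DN,      # path used in the CA configuration
        [Parameter(Mandatory)][string]$File,    # CRL or CA certificate file
        [Parameter(Mandatory)][ValidateSet('CRL', 'CACert')][string]$Kind
    )
    # Attribute / objectClass pairs taken from the two commands above.
    $map = @{
        CRL    = @('certificateRevocationList', 'cRLDistributionPoint')
        CACert = @('cACertificate', 'certificationAuthority')
    }
    $attr, $class = $map[$Kind]
    $path = (Resolve-Path -LiteralPath $File).Path   # throws if the file is missing

    $url = 'LDAP://{0}/{1}?{2}?base?objectClass={3}' -f $Server, $DN, $attr, $class
    & certutil.exe -addstore $url $path | Out-Host   # keep tool output off the pipeline
    if ($LASTEXITCODE -ne 0) { throw "certutil -addstore failed (exit code $LASTEXITCODE)" }

    # Read the attribute back with the same base-scope search the URL describes.
    # The bind uses the current Windows credentials.
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$DN")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, "(objectClass=$class)")
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Base
    [void]$searcher.PropertiesToLoad.Add($attr)
    $result = $searcher.FindOne()
    if (-not $result) { throw "No $class object found at $DN" }

    # Compare the SHA-256 of the file with each stored value of the attribute.
    $sha      = [System.Security.Cryptography.SHA256]::Create()
    $expected = [BitConverter]::ToString($sha.ComputeHash([IO.File]::ReadAllBytes($path)))
    foreach ($value in $result.Properties[$attr.ToLowerInvariant()]) {
        if ([BitConverter]::ToString($sha.ComputeHash([byte[]]$value)) -eq $expected) {
            return $true
        }
    }
    throw "The $Kind stored at $DN does not match $path"
}

# Constructed sample call; replace every value with your own.
Publish-PkiObject -Server 'adam01.example.test:389' -DN 'CN=ExampleCA,CN=CDP,O=Example' `
    -File '.\ExampleCA.crl' -Kind CRL
```

A mismatch or missing object raises an error instead of returning, so a scheduled publishing job fails visibly when clients would otherwise keep fetching a stale CRL.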