Pkiview.msc unable to download file

Copy link. Your CA certificate shouldn't need changing on the web server until it is renewed. IngridAtMicrosoft mentioned this issue Oct 15, Closing GH Issues PRMerger9 closed this Oct 15, Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment. Linked pull requests. Office Office Exchange Server. Not an IT pro? Windows Client. Sign in. United States English.

Ask a question. Quick access. Search related threads. Remove From My Forums. Answered by:. Archived Forums. Microsoft Enterprise. Browse All Community Hubs. Turn on suggestions. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type. Showing results for. Show only Search instead for. Did you mean:. Sign In. Amer Kamal. Published Jan 24 PM Consider the following scenarios: If a publication point is configured correctly, the status column will report a value of OK.

If the publication point is configured incorrectly or if the CA certificate or CRL is not copied correctly to the publication point, the status column reports a status of Unable to Download. A "File not found" error in a browser indicated the file can't be downloaded, or the file is missing In general, this error can be attributed either to: A missing file in my case above, it was the certificate file of the issuing CA.

Copy the file to the distribution point and refresh Enterprise PKI. You should consider removing the proxy requirment for the computer security context There may be an access control list ACL blocking access to the file When dealing with Delta CRLs, the web site might block the download of the file due to double escaping. Adjust the Options in Enterprise PKI as follows: The expiring certificate indicator: You can specify how many days before expiration of a certificate that the PKI Health Tool will indicate that a certificate is expiring.

Consider using a much larger number than the default of 14 days. In fact, if you plan to issue certificates with a one-year validity period, you should use a notification of days The base CRL expiration indicator: The base CRL indicator should be set to a value that reflects the base CRL publication interval of your issuing CA.

If you publish the base CRL at a weekly interval, consider keeping the default expiration interval of two days. If you publish a delta CRL every day, the default of every four hours may be the right value for you. If you publish the delta CRL every eight hours, consider a value of two hours for expiration notification. A new entry can be added to the certificate attribute of the enterprise certification authority using the Recovery Agents tab in the CA properties Conclusion: Enterprise PKI provides a view of the status of your network's PKI environment.

Tags: PKI. Version history.