I am trying to use PSPKI (3.1.0.0) to examine my PKI's CDPs (to alert when the CRLs need renewing) but am running into some fairly basic issues.
When retrieving the default CA details, the CRL URIs are not returned:
Get-CertificationAuthority | Format-List -Property *
The value for 'BaseCRL' is blank.
If using the Get-CRLDistributionPoint cmdlet, URIs are returned, but they contain variable names, as per the Extensions tab of the CA properties in the Certification Authority MMC snap-in:
Get-CertificationAuthority | Get-CRLDistributionPoint | Select-Object -ExpandProperty URI
RegURI : 65:C:\WINDOWS\system32\CertSrv\CertEnroll\%3%8%9.crl
ConfigURI : 65:C:\WINDOWS\system32\CertSrv\CertEnroll\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
UrlScheme : Unknown
RegURI : 0:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10
ConfigURI : 0:ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>
UrlScheme : LDAP
RegURI : 134:http://ca.domain.local/CertEnroll/%3%8%9.crl
ConfigURI : 134:http://ca.domain.local/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
UrlScheme : HTTP
Is there any way of retrieving the actual published path of the CRL to feed into Get-CRL?
Many thanks, Doc.
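The token expansion the output above implies, as an added example that is not part of the original post and not PSPKI code. `Expand-CdpTemplate` is a hypothetical helper, the CA name is constructed, and the caller supplies the per-CA values; the token numbers are read from the RegURI/ConfigURI pairs shown in the post.

```powershell
# Added example (not PSPKI code): expand the %N tokens in a CDP RegURI.
function Expand-CdpTemplate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]    $RegUri,  # e.g. '134:http://.../%3%8%9.crl'
        [Parameter(Mandatory)] [hashtable] $Values   # token number -> value for this CA
    )

    # RegURI is '<flags>:<template>'; split the numeric flags from the template.
    if ($RegUri -notmatch '^(?<flags>\d+):(?<template>.+)$') {
        throw "Unexpected RegURI format: $RegUri"
    }
    $flags    = [int]$Matches['flags']
    $template = $Matches['template']

    # Replace every %N that has a supplied value. Matching the whole number keeps
    # %10 from being read as %1 followed by '0'. Unknown tokens are left in place.
    $uri = [regex]::Replace($template, '%(\d+)', {
        param($m)
        $n = [int]$m.Groups[1].Value
        if ($Values.ContainsKey($n)) { [string]$Values[$n] } else { $m.Value }
    })

    [pscustomobject]@{
        Uri        = $uri
        InCertCdp  = [bool]($flags -band 0x02)   # CSURL_ADDTOCERTCDP: URL is written into issued certificates
        Unresolved = [bool]($uri -match '%\d+')  # true if a token had no value supplied
    }
}

# Constructed values. Per the post: %3 = CaName, %8 = CRLNameSuffix, %9 = DeltaCRLAllowed.
# AD CS leaves %8 empty for the first CA key and uses '(n)' after key renewal;
# %9 is empty for the base CRL and '+' for the delta CRL.
$base  = @{ 3 = 'ExampleIssuingCA'; 8 = ''; 9 = ''  }
$delta = @{ 3 = 'ExampleIssuingCA'; 8 = ''; 9 = '+' }

$regUri = '134:http://ca.domain.local/CertEnroll/%3%8%9.crl'
Expand-CdpTemplate -RegUri $regUri -Values $base
Expand-CdpTemplate -RegUri $regUri -Values $delta
```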