How can I verify that my Windows Server 2003 Certificate Authority (CA) deployment is correctly configured?

John Savill

December 4, 2005

1 Min Read
ITPro Today logo in a gray background | ITPro Today

A. Microsoft provides the PKI Health Tool (PKView.exe) as part of the Windows 2003 Resource Kit Tools (http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en). PKView determines whether the Authority Information Access (AIA) and Certificate Revocation List (CRL) distribution point URLs are valid and reachable. The tool also determines whether the associated certificates are nearing expiration. To run PKIView, select Start, Run, and type pkiview.mscA Microsoft Management Console (MMC) instance will initiate. Select a CA to display the status of each CRL and AIA location, as Figure 1 shows. If you have more than one CA in your hierarchy, select each CA in turn to check the status of the whole hierarchy. The status field should display OK for all entries. If the publication point isn't correctly configured or the CA certificate or CRL isn't copied correctly to the publication point (missing), the status will show "Unable to Download." If the CA certificate or CRL is nearing expiration, the status column will show "Expiring."

About the Author

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like