Access is denied when publishing CRL

Introduction
I was following a guide on how to create a custom location of the crl and got stuck when trying to publish the CRL, the error is Access is denied 0x80070005. Apparently even my CA has full control of the directory and NTFS permission the publishing is denied. It turns out that I need to locate the CRL onto another server other than the CA itself.

for this I decided to store the CRL onto a DC.

Creating a folder for storing CRL on DC
I would need to set the sharing permission and NTFS permission for this.

Right click on the folder, and choose properties. Then click on Sharing, and click Advance Sharing.

Right click on the folder, and choose properties. Then click on Sharing, and click Advance Sharing.

I put $ at the end of the share name. Then click on Permission.

I put $ at the end of the share name. Then click on Permission.

Click Add, to add a computer.

Click Add, to add a computer.

Click on Object Type, and choose Computer, then click ok. After which you type in the name of your CA and click ok.

Click on Object Type, and choose Computer, then click ok. After which you type in the name of your CA and click ok.

Choose CA$ and give Full Control. The CA must have write permission.

Choose CA$ and give Full Control. The CA must have write permission.

Choose Security tab to give NTFS permission to CA. Give full permission because the CA requires write permission.

Choose Security tab to give NTFS permission to CA. Give full permission because the CA requires write permission.

Adding CRL extension to point to the new folder that stores CRL
dc7
Click on the Add button, and type in file://DC01/crldist$/ then insert CAName, CRLNameSuffix, DeltaCRLAllowed, and at the end type in .crl. Select Publish CRLs to this location and Publish Delta CRLs to this location.

Restart the CA service and publish.

Navigate to \\DC01\crldist$ you should see the two files.
dc8

Advertisements
This entry was posted in ASA/PIX, Firewall, VPN and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s