After some exhaustive searching I found it. Had to revoke the XCHG certificate and issue a new one. The zinger is, after finding this "the long way", when I continued the instructions, they told me to do what took me 45 minutes to discover the hard way. This is called "going around your elbow to get to your thumb." :)
PKIVIEW shows OCSP error on Location#1
I have discovered the hard way that certificates with RSA1 are no longer working for some things, and soon may not work for anything. My original CA was set up well over 10 years ago with RSA1 on Server 2008 (I think. Might have been Server 2003) and migrated up the chain to 2016. So it's almost like I've never dealt with this before.
Since I need a CA that will do RSA256 now, I've decided to wipe out the old completely, and in with the new.
I am making my umpteenth attempt at setting up my own PKI infrastructure setup from scratch on Server 2019. To get this right, I'm using two VMs installed via HYPER-V, both with Server 2019 on them. One is the root CA and the other is the subordinate CA. Doing it this way so that I don't have to deal with server activation licensing until after I've got this down pat.
I found an outstanding step-by-step guide online at https://mjcb.io/blog/2020/03/09/certificate-authority-windows-server-2019/ that, so far, meets my needs exactly.
Upon completion of Part 4 up to and including section 4.5, I run PKIVIEW.MSC on the CA Server computer and it shows an error on OCSP Location#1. Now one thing I note is that the instructions do not tell me to enable directory browsing on the OCSP container in IIS.
Am I correct in assuming that's an oversight? With that assumption I have enabled directory browsing on that container. However, even after an iisreset and restarting the certsvc service, pkiview.msc still shows an error on http://ocsp.bcs.loca/ocsp. Am I missing something? Or am I just checking this with pkiview.msc too early?
Windows Server Security
Vicky Wang 2,736 Reputation points
2021-01-06T08:16:26.407+00:00

Hi,

I am glad to hear that your issue was successfully resolved. I am pleased to know that the information is helpful to you. If there is anything else we can do for you, please feel free to post in the forum.
Best Regards,
Vicky

Jon Fourneau 0 Reputation points
2023-07-20T19:42:58.36+00:00

For anybody else that finds their way here, there is an updated version of the blog post referenced above. The update details the resolution in Step 4.7.