Authority Information Access (AIA) is a certificate extension that defines the location from which an application or service can retrieve the issuing CA's certificate. This is also a web-based path, and we can use the same location we used for the CDP.
This can be set using the following command:
certutil -setreg CA\CACertPublicationURLs "1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt\n2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11\n2:http://crt.rebeladmin.com/CertEnroll/%1_%3%4.crt"
The options are very similar to those for the CDP, with a few small changes:
| Option | Details |
|---|---|
| 0 | No changes |
| 1 | Publish CA certificate to given location |
| 2 | Attach AIA extensions of issued certificates |
| 32 | Attach Online Certificate Status Protocol (OCSP) Extensions |
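
When reviewing a CA's configuration, it helps to decode each entry's numeric prefix and confirm that every location attached to issued certificates is one a client can actually reach. The following is an added example, not part of the original text; the function name `ConvertFrom-AiaEntry` and the reachability check are illustrative, and it assumes option values combine by addition (for example, 3 = 1 + 2).

```powershell
# Added example: decode "<option>:<location>" entries of CACertPublicationURLs.
# Option values and their descriptions are taken from the table above.
$AiaOptions = @(
    @{ Bit = 1;  Meaning = 'Publish CA certificate to given location' },
    @{ Bit = 2;  Meaning = 'Attach AIA extensions of issued certificates' },
    @{ Bit = 32; Meaning = 'Attach OCSP extensions' }
)

function ConvertFrom-AiaEntry {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Entry)

    # Split on the first colon only; the location itself contains colons.
    $m = [regex]::Match($Entry, '^(\d+):(.+)$')
    if (-not $m.Success) { throw "Not an '<option>:<location>' entry: $Entry" }
    $flags = [int]$m.Groups[1].Value
    $url   = $m.Groups[2].Value

    # Collect the meaning of every bit that is set in the prefix.
    $meaning = @(foreach ($o in $AiaOptions) {
        if ($flags -band $o.Bit) { $o.Meaning }
    })
    if ($flags -eq 0) { $meaning = @('No changes') }

    [pscustomobject]@{
        Option          = $flags
        Location        = $url
        Meaning         = $meaning -join '; '
        # Bits 2 and 32 place the location inside every issued certificate.
        InIssuedCerts   = [bool]($flags -band (2 -bor 32))
        # A CA-local file path is not resolvable by relying parties.
        ClientReachable = $url -match '^(https?|ldap)://'
    }
}

# The value from the certutil command above; entries are separated by a literal "\n".
$value = '1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt\n' +
         '2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11\n' +
         '2:http://crt.rebeladmin.com/CertEnroll/%1_%3%4.crt'

$entries = $value -split '\\n' | ForEach-Object { ConvertFrom-AiaEntry $_ }
$entries | Format-List

# Flag any location that is attached to certificates but is not a network URL.
$entries | Where-Object { $_.InIssuedCerts -and -not $_.ClientReachable } |
    ForEach-Object { Write-Warning "In issued certificates but not a network URL: $($_.Location)" }
```

With the value shown on this page, the local `CertEnroll` path decodes as publish-only and the LDAP and HTTP locations decode as attached to issued certificates, so no warning is raised.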