Configure Authority Information Access Extension

Authority information access (AIA) is a service location descriptor that is included in every certificate issued by the CA. Technically, it is one of the many properties of a certificate. It contains LDAP, HTTP, and CER file location points, which allow clients to access the CA's own certificate information. Figure 10-11 shows this property in a user certificate.

To let CA clients know where the OCSP service is on the network, you need to publish the OCSP URL in the AIA field. To do this, open the CA properties in the Certification Authority console, switch to the Extensions tab, and select AIA in the drop-down list. You will need to add a new HTTP URL; do this by clicking Add and then specifying a URL as shown in Figure 10-12. Click OK and, back on the Extensions tab, ensure that the second check box, "Include in the online certificate status protocol (OCSP) extension", is enabled, as shown in Figure 10-13.

FIGURE 10-11

AIA property in a certificate

FIGURE 10-12

Publishing an OCSP service location point in AIA

FIGURE 10-13

Adding an OCSP URL

Dialog text shown in Figure 10-13: "Authority Information Access (AIA). Specify locations from which users can obtain the certificate for this CA." The two check boxes for the selected location are "Include in the AIA extension of issued certificates" and "Include in the online certificate status protocol (OCSP) extension".
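The console steps above can also be scripted and then checked from PowerShell. The following is an added example, not part of the original text. It assumes an elevated session on the CA server with the ADCSAdministration module; the OCSP URL, the `issued.cer` path and the helper name `Test-CertOcspUrl` are constructed placeholders.

```powershell
# Added example: publish an OCSP location in AIA and confirm it lands in issued certificates.
# $OcspUrl is a constructed placeholder; use the URL of your own OCSP responder.
$OcspUrl = 'http://ocsp.example.com/ocsp'

# 1. Add the URL with the OCSP check box set, unless it is already configured.
$existing = Get-CAAuthorityInformationAccess |
    Where-Object { $_.Uri -eq $OcspUrl -and $_.AddToCertificateOcsp }
if (-not $existing) {
    Add-CAAuthorityInformationAccess -Uri $OcspUrl -AddToCertificateOcsp -Force
    # Extension settings are read when the CA service starts.
    Restart-Service -Name CertSvc
}

# 2. Review every AIA location and which check boxes are set for it.
Get-CAAuthorityInformationAccess |
    Format-Table Uri, AddToCertificateAia, AddToCertificateOcsp -AutoSize

# 3. Verify a certificate issued AFTER the change. Certificates issued earlier
#    keep the AIA extension they were signed with and will not show the new URL.
function Test-CertOcspUrl {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Url
    )
    $fullPath = (Resolve-Path -Path $Path).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)

    # 1.3.6.1.5.5.7.1.1 is the Authority Information Access extension.
    $aia = $cert.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.5.5.7.1.1' }
    if (-not $aia) { return $false }

    # Format() renders the access methods and URLs as text;
    # 1.3.6.1.5.5.7.48.1 is the OCSP access method.
    $text = $aia.Format($true)
    return ($text -match '1\.3\.6\.1\.5\.5\.7\.48\.1') -and
           ($text -match [regex]::Escape($Url))
}

# Usage (issued.cer is a placeholder for a certificate exported after the change):
# Test-CertOcspUrl -Path .\issued.cer -Url $OcspUrl
```

A result of `$false` on a freshly issued certificate usually means the check box was not set for the URL or the CA service was not restarted after the change.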



