By default Microsoft Certificate Authority (MSCA) does not have http CRL Distribution Points (CDP) enabled. This article covers the steps on enabling this on 2008 R2 based MSCA.
We can enable the MSCA to http based CRL Distribution Point with, Open Certification Authority management console and:
- Connect to the CA
- Right click on the CA object and select Properties
- Go to Extensions tab
- Select the http location
- Check the boxes for “Include in CRLs. Clients use this to find Delta CRL locations” and "Include in the CDP extension of issued certificates"
- Click Apply
- Click Yes to restarting services
- Issue certificate (should have new CDP info on it now)