How to Debug CDP URL building?
Hello,
During implementation of the quality environment I've got strange behavior when building the CDP URL in AD.
The configuration of our CAs is made using a script with the certutil command. In the test environment (Windows Ent. Server 2008 x64) the special CDP I want to talk about is built by:
certutil -setreg ca\crlpublicationurls "67ldap://cn=%%7%%8,cn=%%2,cn=cdp,cn=public key services,cn=services,%%6%%10"
Resulting URL:
ldap:///cn=<not eyes>,cn=cdp,cn=public%20key%20services,cn=services,cn=configuration,dc=com?certificaterevocationlist?base?objectclass=crldistributionpoint
This one works fine ...
While implementing the quality environment (Windows Ent. Server 2008 x64 R2) I use the same command; the result:
ldap:///cn=<not eyes>,cn=cdp,cn=public key services,cn=services,cn=configuration,dc=com/?certificaterevocationlist?base?objectclass=crldistributionpoint
It took a while for me to see the difference:
Works: ...public%20key%20services...configuration,dc=com?certificaterevocationlist...
Won't: ...public key services...configuration,dc=com/?certificaterevocationlist...
There appears a slash ("/") in between ...? In the view of the CA extension tab the slash is between:
<ConfigurationContainer><CDPObjectClass>
At the end of the container string, which IMHO is built from DSConfigDN (set properly), or at the start of the object class string? Where can I see this - in the AD schema?
BR libbe
Edit: inserted the difference "public key services" vs. "public%20key%20services"
Found the error:
certutil -setreg ca\crlpublicationurls "...67ldap://..."
results in
ldap://cn=......configuration,dc=com/?certificaterevocationlist...
by using 3 slashes
certutil -setreg ca\crlpublicationurls "67ldap:///
all works fine.
br libbe
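An added example, not part of the original post: a small Python lint for CRLPublicationURLs entries that tells the two-slash ldap:// form apart from the three-slash form found above and previews the expanded URL. The token values, host name and sample entries are constructed, and accepting a ':' after the flags is an assumption of this parser.

```python
import re

# Constructed stand-ins for the %N replacement tokens used in the post's template;
# a real CA fills these from its own configuration.
TOKENS = {
    "2": "CASRV01",                              # %2 server short name
    "6": "CN=Configuration,DC=example,DC=test",  # %6 configuration container
    "7": "Example-CA",                           # %7 truncated CA name
    "8": "",                                     # %8 CRL name suffix (empty here)
    "10": "?certificateRevocationList?base?objectClass=cRLDistributionPoint",
}

# Constructed sample entries, written with the %% escaping a batch script needs.
SAMPLE = [
    "67ldap://cn=%%7%%8,cn=%%2,cn=cdp,cn=public key services,cn=services,%%6%%10",
    "67ldap:///cn=%%7%%8,cn=%%2,cn=cdp,cn=public key services,cn=services,%%6%%10",
    "67:ldap://dc01.example.test/cn=%%7%%8,cn=cdp,%%6%%10",
]

def split_entry(entry):
    """Split '<flags><template>'; a ':' after the flags is accepted if present."""
    m = re.match(r"(\d+):?(.*)$", entry, re.S)
    if not m:
        raise ValueError("no numeric flags prefix: %r" % entry)
    return int(m.group(1)), m.group(2)

def expand(template):
    """Substitute %N tokens; \\d+ is greedy, so %10 is never read as %1 + '0'."""
    return re.sub(r"%(\d+)", lambda m: TOKENS.get(m.group(1), m.group(0)), template)

def check_ldap(template):
    """Classify what sits between 'ldap://' and the next '/' or '?'."""
    m = re.match(r"ldap://([^/?]*)", template, re.I)
    if not m:
        return "not-ldap"
    authority = m.group(1)
    if authority == "":
        return "serverless"           # ldap:/// : empty host, DN in the path
    if "=" in authority or "%" in authority:
        return "dn-in-host-position"  # ldap://cn=... : the two-slash form
    return "explicit-host"

def lint(entry):
    flags, template = split_entry(entry.replace("%%", "%"))
    url = expand(template)
    return {"flags": flags, "ldap": check_ldap(template),
            "expanded": url, "raw_space": " " in url}

if __name__ == "__main__":
    for e in SAMPLE:
        print(lint(e))
```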