The left pane, or console tree, of the Enterprise PKI snap-in includes a tree view of the public key infrastructures (PKIs) and enterprise certification authorities (CAs) in an organization.

If you select a specific PKI in the console tree, the details pane displays the status of the entire PKI: OK, if everything is properly configured and functioning correctly, or Error, if there are problems that require attention.

If you select a specific CA in the console tree, additional information that can be used to identify the source of an Error condition is displayed, including whether the following are available, expiring, or unavailable:

  • CA certificate

  • Authority information access locations

  • Certificate revocation list (CRL) distribution points

  • Delta CRL distribution points

By right-clicking the name of the PKI in the console tree, you can configure when you want to display alerts for the following components of the CAs in that hierarchy.

Component Description

Set certificate status to Expiring when expiring in

Number of days before a CA certificate expires that a warning will appear

Set CRL status to Expiring when expiring in

Number of hours or days before a CRL expires that a warning will appear

Set Delta CRL status to Expiring when expiring in

Number of hours or days before a delta CRL expires that a warning will appear

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To modify warning options for a PKI
  1. Open the Enterprise PKI snap-in.

  2. In the console tree, right-click Enterprise PKI.

  3. Click Options.

  4. Review and modify the days or hours listed for the CA certificate, CRLs, and delta CRLs.

  5. Click OK.

  6. On the Action menu, click Refresh.

Additional references