
offline root - online issuing CA setup


So I've been reading a ton of posts and guides and I'm still a bit fuzzy on this... currently following instructions from this link:

http://blog.ittoby.com/2012/04/creating-two-tier-pki-windows-2008r2.html

My PKI experience is limited to standing up a few stand-alone CAs. CRL, CDP, and AIA are in general foreign to me, but I want to be in a position to leverage these if needed going forward.

The current part I'm unclear on is "Set Configuration DN, Domain DN". This sounds like something done from the server that will be the offline root CA, but that is a non-domain-joined server.

******

When you use variables in the AIA and CDP paths for the LDAP publication (i.e. ) these registry keys are referenced to populate those fields with the correct information. 
Open a command prompt as administrator

Execute "certutil -setreg ca\DSConfigDN CN=Configuration, DNpath" (i.e. certutil -setreg ca\DSConfigDN CN=Configuration,DC=CompanyName,DC=local)

Execute "certutil -setreg ca\DSDomainDN DNpath"
DNpath should be the appropriate path. To get it correct you can use ADSIEdit to connect to the default naming context.

I'm confused by the DNpath... this is a standalone server, not part of the domain.

*******

Any pointers would be greatly appreciated.
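
The quoted step, sketched as an added example that is not part of the original post or the linked guide. The two registry values are plain strings that the CA substitutes into LDAP CDP/AIA URLs, so they can be typed in on a server that is not domain joined. This sketch assumes the DN is that of the AD forest where the root certificate and CRL will later be published, that the forest root domain is used for both values, and that `corp.example.com` (a constructed placeholder) and the helper `ConvertTo-DomainDN` (hypothetical) stand in for real names.

```powershell
# Added example. Run in an elevated PowerShell session on the offline root CA.
# 'corp.example.com' is a constructed placeholder for the forest root DNS name.
param(
    [string]$ForestRootDns = 'corp.example.com'
)

# Hypothetical helper: turn a DNS domain name into its DC=... distinguished name.
function ConvertTo-DomainDN {
    param([Parameter(Mandatory)][string]$DnsName)
    $labels = $DnsName.Trim('.').Split('.')
    foreach ($l in $labels) {
        # Reject empty or malformed labels so a typo never lands in issued certificates.
        if ($l -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$') {
            throw "Invalid DNS label: '$l'"
        }
    }
    ($labels | ForEach-Object { "DC=$_" }) -join ','
}

$domainDN = ConvertTo-DomainDN $ForestRootDns      # DC=corp,DC=example,DC=com
$configDN = "CN=Configuration,$domainDN"           # forest configuration naming context

# Same commands as in the quoted guide, with the DN filled in.
certutil -setreg CA\DSConfigDN $configDN
if ($LASTEXITCODE -ne 0) { throw 'Setting DSConfigDN failed' }
certutil -setreg CA\DSDomainDN $domainDN
if ($LASTEXITCODE -ne 0) { throw 'Setting DSDomainDN failed' }

# Read the values back before any certificate or CRL is issued with them.
certutil -getreg CA\DSConfigDN
certutil -getreg CA\DSDomainDN

# Registry changes are picked up when the CA service restarts.
Restart-Service certsvc
```

The DN can be compared against what ADSIEdit shows for the default naming context on a domain-joined machine, as the quoted guide suggests.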


