Authority information access (AIA) locations must be included in the extensions of issued certificates
Issue: This certification authority (CA) is not configured to include authority information access locations in the extensions of issued certificates. The authority information access extension provides the network location of the issuing CA’s certificate.
Impact: Clients may not be able to locate the issuing CA’s certificate to build a certificate chain, and certificate validation may fail. Certificate validation is critical to a correctly functioning PKI. A certification path that leads to a trusted root certificate is a requirement for a valid certificate. To build a certification path, the issuing CA’s certificate is retrieved by CryptoAPI, which reads the authority information access extension of issued certificates to identify the network location of the CA’s certificate. If the extension does not include the location of the CA certificate, then certificate validation cannot be completed and applications that require the certificate might fail.