Hello,
Thank you for posting here!
Here are the answers for our questions:
Q1: CDP Location keeps expiring, but on the day of expiration it will renew for the next 3 days, and keep doing so. If I turn off the RootCA, I will need to turn it on again to renew.
A1: Do we mean the CDP Location #1 on Enterprise CA1?
If so, we can check if the CRL publication interval is three days. If so, we can change it.
And we can check the Effective date and Next update of the CRL file.
Usually, the CDP Locations will update automatically. But if it is expired, we should republish it manually.
Q2: At the top of the root CA in the Enterprise PKI management tool, I noticed that both CDP Locations (#1, #2) are set to expire in July this year, and the locations are not the same as in the subordinates, so probably some sort of misconfiguration in pointing the CDP?
A2: If there is no error in PKIview.msc, I mean the status is OK, then the PKI is healthy.
In my lab, the CDPs of the root CA and the sub CA are not the same. It is normal.
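
The checks described in A1, as an added example that is not part of the original reply: read the configured CRL publication interval, show the validity dates inside the published CRL file, and republish manually if it has expired. The CRL file path, the file name `YOUR-CA-NAME.crl` and the interval value 7 are placeholders/assumptions; the script changes nothing unless the switches at the top are set to `$true`.

```powershell
# Added example. Run in an elevated PowerShell session on the CA whose CRL is in question.
# Placeholder (assumption): set this to the CRL file that the CDP location serves.
$crlPath        = 'C:\Windows\System32\CertSrv\CertEnroll\YOUR-CA-NAME.crl'
$changeInterval = $false   # set to $true to write a new publication interval
$republishNow   = $false   # set to $true to publish a fresh CRL immediately

# 1. Configured CRL publication interval (units + period, e.g. 3 + Days).
certutil -getreg CA\CRLPeriodUnits
certutil -getreg CA\CRLPeriod

# 2. Validity dates in the published CRL file.
#    ThisUpdate is the "Effective date" and NextUpdate is the "Next update"
#    that the CRL file properties and pkiview.msc display.
if (Test-Path -LiteralPath $crlPath) {
    certutil -dump $crlPath |
        Select-String -Pattern 'ThisUpdate|NextUpdate|Next CRL Publish'
} else {
    Write-Warning "CRL file not found at $crlPath; adjust the placeholder path."
}

# 3. Optional: change the interval. 7 Days is a constructed sample value.
#    The CA service must be restarted for the new interval to take effect.
if ($changeInterval) {
    certutil -setreg CA\CRLPeriodUnits 7
    certutil -setreg CA\CRLPeriod 'Days'
    Restart-Service -Name CertSvc
}

# 4. Optional: republish manually when the CRL has already expired.
if ($republishNow) {
    certutil -CRL
    # Re-check the dates in the newly written file.
    certutil -dump $crlPath | Select-String -Pattern 'ThisUpdate|NextUpdate'
}
```

After republishing, refresh pkiview.msc to confirm that the CDP location status is OK again.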