My final blog about this topic… and following on from here.
The CDP is up and running, and immediately clients are “happier”, insofar as a machine can be happy >_>
In order to confirm the certificates are picking up the CDP, they need to be reissued, as these changes will only affect certificates issued post change.
Firstly I viewed an existing certificate:
…and as you can see htere is no reference to a CDP at the bottom. I then manually renewed a certificate on my test PC, opened the certificate and confirmed the presence of a CDP.
Le fin! Well sort of… now I have to deploy an updated certificate to several thousand PCs. Joy.