Thread: Certificate chain issue with Ent Sub Ca & stand alone Root CA

  1. #1
    Join Date
    Oct 2005
    Posts
    52

    Certificate chain issue with Ent Sub Ca & stand alone Root CA

    I need some help here to add the CA certificate on the Root CA. I am not able to do that. I do not want to add it in AD but on a stand-alone root system. I tried it through a floppy drive. There is another enterprise subordinate CA configured on the server. I am trying to add this separately but am facing an issue with the configuration. I tried to install it with the help of the Certification Authority console. I am getting an error -- Cannot verify certificate chain. ...0x800b0101). How do I fix this?

  2. #2
    Join Date
    Sep 2004
    Posts
    136
    It needs to be published in AD so that it is available to all the clients. You also have to check that the root certificate you have is in the right place. As per my experience this might not be possible. There will be a cert chain issue that will arise every now and then. There are some steps that you can try. First install the offline root CA and configure default settings only. Then install the online sub CA with the default settings and store the cert on a floppy disk. Insert the same and then enter certreq. Choose the .req file and then check what response you get. You then have to go into the CA MMC to issue the pending request.

  3. #3
    Join Date
    May 2007
    Posts
    1

    TimeToLive of the SubCA

    Friends!
    I have the MS CA on a stand-alone Win2003 server. Of course, it is a stand-alone CA; it's my RootCA. I need to use a subCA. It's an MS CA on a member of the domain; of course, it's an Enterprise subordinate CA. I need to sign its certificate in the RootCA. But the Root CA is stand-alone, and I can't change the expiration date for the subCA. I receive a cert for the SubCA for only 1 year. How can I do it for 5 years?

  4. #4
    Join Date
    Jun 2011
    Posts
    1

    Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA

    Make sure you are logged in as a domain admin when creating a root CA that you want registered in Active Directory, otherwise it won't register your CA in Active Directory and you will get the errors you're seeing when trying to create a subordinate enterprise CA.
    If you think it registered in AD check for the 103 event ID in your event logs that mentions your CA. If you can't find it, you probably installed it wrong.
    That said, any step-by-step instructions on how to manually register your CA in active directory?

    And yes, this is 4 years later, but I'm sure someone would still appreciate the input.

  5. #5
    Join Date
    May 2008
    Posts
    4,085

    Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA

    Quote, originally posted by lucid_green:
    Make sure you are logged in as a domain admin when creating a root CA that you want registered in Active Directory, otherwise it won't register your CA in Active Directory and you will get the errors you're seeing when trying to create a subordinate enterprise CA.
    If you think it registered in AD check for the 103 event ID in your event logs that mentions your CA. If you can't find it, you probably installed it wrong.
    That said, any step-by-step instructions on how to manually register your CA in active directory?

    And yes, this is 4 years later, but I'm sure someone would still appreciate the input.
    I think that you need to ensure that your certificate chain is valid. When using an offline RootCA or Third Party RootCA you must publish the CA certificate in Active Directory. This will replicate the certificate to all machines in the domain, ensuring that the chain is indeed valid for all clients. To achieve this, export the certificate in DER format and then use the following command to import it into AD: certutil -dspublish -f file_name.cer RootCA

    Check more suggestions given in similar kind of thread - http://forums.techarena.in/windows-s...lp/1246859.htm
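
The checks discussed in this thread, gathered into one PowerShell script as an added example (not part of any post above): it reports the validity dates of both certificates, optionally runs the `certutil -dspublish` command from post #5, tests whether the subordinate CA certificate chains to a trusted root, and looks for event 103. The file paths, the CA name and the choice of the Application log are assumptions.

```powershell
# Added example: the default paths and CA name are placeholders, not values from the thread.
param(
    [string]$RootCer  = 'C:\pki\file_name.cer',  # DER export of the offline root (placeholder)
    [string]$SubCaCer = 'C:\pki\subca.cer',      # issued subordinate CA certificate (placeholder)
    [string]$CaName   = 'Example Root CA',       # CA name expected in event 103 (placeholder)
    [switch]$Publish                             # write to AD only when explicitly requested
)

$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $RootCer
$sub  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $SubCaCer

# 1. Validity window: a skewed clock on either machine makes a new certificate look invalid.
$now = Get-Date
foreach ($c in $root, $sub) {
    $ok = ($now -ge $c.NotBefore) -and ($now -le $c.NotAfter)
    '{0}  valid {1:u} .. {2:u}  in-window={3}' -f $c.Subject, $c.NotBefore, $c.NotAfter, $ok
}

# 2. Publish the root to AD with the command from post #5, then refresh policy locally.
if ($Publish) {
    certutil -dspublish -f $RootCer RootCA
    if ($LASTEXITCODE -ne 0) { throw "certutil -dspublish failed with exit code $LASTEXITCODE" }
    gpupdate /force | Out-Null
}

# 3. Has the root reached this machine's trusted root store?
$trusted = Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $root.Thumbprint
"Root $($root.Thumbprint) in LocalMachine\Root: $([bool]$trusted)"

# 4. Build the chain for the subordinate CA certificate. Revocation checking is skipped
#    here only to isolate the trust path; CRL reachability needs its own check.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$built = $chain.Build($sub)
"Chain builds: $built"
$chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation.Trim())" }

# 5. Event 103 that mentions the CA (post #4). The Application log is an assumption.
$ev = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 103 } -ErrorAction SilentlyContinue |
      Where-Object { $_.Message -like "*$CaName*" }
"Event 103 mentioning '$CaName': $(@($ev).Count) found"
```

Run it without `-Publish` first to see the current state, then again with `-Publish` from an account allowed to write to Active Directory.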

  6. #6
    Join Date
    Apr 2012
    Posts
    1

    Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA

    Quote, originally posted by lucid_green:
    Make sure you are logged in as a domain admin when creating a root CA that you want registered in Active Directory, otherwise it won't register your CA in Active Directory and you will get the errors you're seeing when trying to create a subordinate enterprise CA.
    If you think it registered in AD check for the 103 event ID in your event logs that mentions your CA. If you can't find it, you probably installed it wrong.
    That said, any step-by-step instructions on how to manually register your CA in active directory?

    And yes, this is 4 years later, but I'm sure someone would still appreciate the input.
    Thank you! My problem was solved. Absence of event 103 is a very important indicator. And yes, this is one more year later :)
