Go Back   TechArena Community > Technical Support > Computer Help > Windows Security
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Certificate chain issue with Ent Sub Ca & stand alone Root CA

Windows Security


Reply
 
Thread Tools Search this Thread
  #1  
Old 28-04-2006
Member
 
Join Date: Oct 2005
Posts: 52
Certificate chain issue with Ent Sub Ca & stand alone Root CA

I need some help here to add CA certification on the Root CA. I am not able to do that. I do not want to add that in AD but in a stand alone root system. I tried it through floppy drive. There another enterprise subordinate ca configured on the server. I am trying to add this separately but facing issue with configuration. I tried to install that with the help of CA authority console. I am getting a error -- Cannot verify certificate chain. ...0x800b0101). How to fix this thing.

Reply With Quote
  #2  
Old 20-05-2006
Member
 
Join Date: Sep 2004
Posts: 136
It is needed to be publish on the AD so that it would be available for all the clients. Also you have to check that the root certificate you are having is in the right place. As per my experience this might not be possible. There will be a cert chain issue that will arise every now and then. There are some steps that you can try. First install the offline root ca and configure default settings only. The install online sub CA on the default settings and store the cert in floppy disk. Insert the same and then enter certreq. Choose the .req file and then check what response you get. You have to then go in CA mmc to issue the pending request.
Reply With Quote
  #3  
Old 20-05-2007
Member
 
Join Date: May 2007
Posts: 1
TimeToLive of the SubCA

Friends!
I have the MS CA on the stand-alone win2003 server. Of cause, it is a stand-alone CA, it's a my RootCA. I need to use subCA. It's MS CA on the member of the domain, of cause , it's a Enterprice subordinate CA. I need to sign his certificate in RootCA. But Root CA is a stand-alone, and I can't cange expiration date for subCA. I recive cert for SubCA only to 1 year. How I can do it for 5 year?
Reply With Quote
  #4  
Old 29-06-2011
Member
 
Join Date: Jun 2011
Posts: 1
Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA

Make sure you are logged in as a domain admin when creating a root CA that you want registered in Active Directory, otherwise it won't register your CA in Active Directory and you will get the errors you're seeing when trying to create a subordinate enterprise CA.
If you think it registered in AD check for the 103 event ID in your event logs that mentions your CA. If you can't find it, you probably installed it wrong.
That said, any step-by-step instructions on how to manually register your CA in active directory?

And yes, this is 4 years later, but I'm sure someone would still appreciate the input.
Reply With Quote
  #5  
Old 29-06-2011
Member
 
Join Date: May 2008
Posts: 4,083
Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA

Quote:
Originally Posted by lucid_green View Post
Make sure you are logged in as a domain admin when creating a root CA that you want registered in Active Directory, otherwise it won't register your CA in Active Directory and you will get the errors you're seeing when trying to create a subordinate enterprise CA.
If you think it registered in AD check for the 103 event ID in your event logs that mentions your CA. If you can't find it, you probably installed it wrong.
That said, any step-by-step instructions on how to manually register your CA in active directory?

And yes, this is 4 years later, but I'm sure someone would still appreciate the input.
I think that you need to ensure that your certificiate chain is valid when using an offline RootCA or Tird Party RootCA you must publish the CA certificate in Active Directory. This will replicate the certificate to all machines in the domain, ensuring that the chain is indeed valid for all clients. To achieve this, export the certificate in DER format and then use the following command to import it into AD: certutil -dspublish -f file_name.cer RootCA

Check more suggestions given in similar kind of thread - http://forums.techarena.in/windows-s...lp/1246859.htm
Reply With Quote
  #6  
Old 16-04-2012
Member
 
Join Date: Apr 2012
Posts: 1
Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA

Quote:
Originally Posted by lucid_green View Post
Make sure you are logged in as a domain admin when creating a root CA that you want registered in Active Directory, otherwise it won't register your CA in Active Directory and you will get the errors you're seeing when trying to create a subordinate enterprise CA.
If you think it registered in AD check for the 103 event ID in your event logs that mentions your CA. If you can't find it, you probably installed it wrong.
That said, any step-by-step instructions on how to manually register your CA in active directory?

And yes, this is 4 years later, but I'm sure someone would still appreciate the input.
Thank you! My problem was solved. Absence of the event 103 is very important indicator. And yes, this is one more year later :)
Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Security
Tags: , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Certificate chain issue with Ent Sub Ca & stand alone Root CA"
Thread Thread Starter Forum Replies Last Post
How to install root certificate and personal certificate in xoom ? SPARSH Portable Devices 6 21-05-2011 07:58 PM
Itunes - 9813 Error - No Root Certificate Mohegan Windows Software 6 21-09-2010 09:16 AM
SBS Certificate refuses to install in Trusted Root certificate Aut Blerim Small Business Server 5 09-09-2010 04:37 PM
kb 931125 Root Certificate Update MichaelW Windows Update 1 09-02-2007 11:02 PM
Windows Update KB931125 (Root Certificate) W23K x64 doesn't work Chris Windows Server Help 3 02-02-2007 06:37 AM


All times are GMT +5.5. The time now is 10:38 AM.