The signature of the certificate cannot be verified 0x80096004 (-2146869244)

    Question

  • Hi

    I am creating a three tier CA infrastructure. I have created the 2 tiers (1 root and 2 standalone CAs), however when I try to create the issuing server (enterprise subordinate) I am getting the above error on the certificate request process.

    Basically the error is The signature of the certificate cannot be verified. 0x80096004 (-2146869244) Error Constructing or Publishing Certificate  Resubmitted by xxxxxx 17.12.2013 13:12 xxx  xxxxx Subordinate Certification Authority (SubCA) 

    It is a 512 key CA enterprise installed on Windows 2008 server.

    Any help would be great....

    Tuesday, December 17, 2013 6:57 PM

Answers


  • It is a 512 key CA enterprise installed on Windows 2008 server.

    Any help would be great....

    512 bit keys have been blocked for a while now.

    http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx

    • Marked as answer by RR 707 Tuesday, December 17, 2013 7:45 PM
    Tuesday, December 17, 2013 7:17 PM
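
To find which certificates in a hierarchy fall under this block, the local machine stores can be scanned for RSA keys shorter than 1024 bits. This is an added example for Windows PowerShell, not part of the original thread; the store list is an assumption, and the 1024-bit threshold is the one named in the linked post's title.

```powershell
# Added example (not from the thread): list certificates whose RSA public key
# is shorter than the 1024-bit minimum the answer refers to.
$MinRsaBits = 1024
$RsaOid     = '1.2.840.113549.1.1.1'   # rsaEncryption
# Assumed store list: personal, intermediate CA and trusted root stores of the local machine.
$Stores     = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\CA', 'Cert:\LocalMachine\Root'

$weak = foreach ($store in $Stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            # Non-RSA keys (ECC, DSA) are outside this check.
            if ($_.PublicKey.Oid.Value -ne $RsaOid) { return }
            $bits = $_.PublicKey.Key.KeySize
            if ($bits -lt $MinRsaBits) {
                New-Object PSObject -Property @{
                    Store      = $store
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    RsaBits    = $bits
                    NotAfter   = $_.NotAfter
                    Thumbprint = $_.Thumbprint
                }
            }
        }
}

if ($weak) {
    $weak | Sort-Object RsaBits | Format-Table Store, RsaBits, NotAfter, Subject -AutoSize
} else {
    "No RSA certificates under $MinRsaBits bits in: $($Stores -join ', ')"
}
```

A CA certificate that appears in this list has to be reissued with a longer key, along with everything it has signed, before a subordinate request chained to it will validate.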

All replies


  • Thanks Paul, I am going to try at 10k key now


    Ranjiv

    Tuesday, December 17, 2013 7:19 PM
  • Hi

    I am creating a three tier CA infrastructure. I have created the 2 tiers (1 root and 2 standalone CAs), however when I try to create the issuing server (enterprise subordinate) I am getting the above error on the certificate request process.

    Basically the error is The signature of the certificate cannot be verified. 0x80096004 (-2146869244) Error Constructing or Publishing Certificate  Resubmitted by xxxxxx 17.12.2013 13:12 xxx  xxxxx Subordinate Certification Authority (SubCA) 

    It is a 512 key CA enterprise installed on Windows 2008 server.

    Any help would be great....

    Also, why are you creating a 3 tier infrastructure with 2 policy CAs? What is the business driver for this? Typically these days, unless absolutely necessary, best practice is 2-tier, not 3.

    Tuesday, December 17, 2013 7:19 PM
  • Hi.. this is for non technical reasons :-/


    Ranjiv

    Tuesday, December 17, 2013 7:21 PM
  • Thanks very much :)))) It worked...

    Ranjiv

    Tuesday, December 17, 2013 7:28 PM
  • Thanks very much :)))) It worked...

    Glad to hear it. Please mark my follow-up as an answer. I really don't care about the points I get but it helps others who may have the same problem.

    Tuesday, December 17, 2013 7:34 PM