none
Subordinate Certificate Authority not issuing RRS feed

  • Question

  • Hi all.

    I have a forest and 3 domains, with a DC with a installed role Certificate Auth. I don't want to lose the certificates still issued and used by this CA. I removed the templates from this CA.

    I installed a new Offline CA and 2 new subordinate enterprise CAs. All is looking good :)

    But...

    Now the servers are unable to enroll certificates, they don't seem to be aware of the new issuing CAs :(

    What is missing in this design?


    Wednesday, August 14, 2019 10:25 AM

Answers

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    According to "I installed a new Offline CA and 2 new subordinate enterprise CAs", do we mean we install a new offline root CA on a new server and two new subordinate enterprise CAs on two new servers in the above forest?


    If so, we can refer to the following article to check how we set up the two tier CA.

    AD CS Step by Step Guide: Two Tier PKI Hierarchy Deployment
    https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx




    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by FCrespo Monday, August 19, 2019 3:15 PM
    Thursday, August 15, 2019 3:58 AM
    Moderator
  • Missed the step to create a GPO so that servers accept the root CA as trustable

    Thanks for your help

    Monday, August 19, 2019 3:16 PM
  • Hi,
    Thank you for your update and sharing.

    Meanwhile, thank you for marking my reply as answer.
     
    As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you! 

    Have a nice day!


     
    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, August 20, 2019 10:00 AM
    Moderator