Implementing Root CA, PCA and Issuing CA on the same VM
Posted on 2010-08-24
We are implementing a new PKI in our environment. It will be a 3-tier Hierachy. In Phase I we will be standing up the Root CA (stand-alone – offline), PCA (Stand-alone – offline) and one issuing CA. We have chosen to install the Enterprise Edition of Windows Server 2008 R2 on all 3 servers.
The above is going to be done in the near future, but at this time I am having this problem with my test server:
I am brand new to PKI. I have a VM Server which I have been given to experiment with (install/un-install) Certificate Services on. This test Server has Windows Server 2008 R2 on it.
To start out, I installed Certificate Services Role on the test VM server, but I didn’t know about the CAPolicy.inf file at the time. Now I am trying to un-install Certificate Services (I don’t have any Certificates to revoke or anything).
I stopped the Cert Service, then tried to delete the private key of the Root CA by doing:
Then I tried to list the Keys by:
It says the command completed successfully, but doesn’t show any keys.
Does that mean no keys were created during the Install of CS..??
I tired the Certutil –delkey
And it says “Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks. CertUtil: The requested operation requires elevation.”
I am an administrator on the box.
The next step I was going to do after –delkey was to un-install CS from Add or Remove Programs and then delete the CA database.
How do I proceed to cleanly un-install the Root CA and start all-over again ??
Once I get this going, I am supposed to use the same server to install the Root CA, PCA and the Issueing CA all-in-one. I don’t know how to do that. Can you please help me. Can someone please send me some guidance on how to do this ??
Thank you. msyed1