?
Solved

Two tier Certificate Services deployment with root CA in stand-a-lone and issuing CA in domain. Can't apply root certificate to issuing CA.

Posted on 2011-09-09
1
Medium Priority
?
1,338 Views
Last Modified: 2012-05-12
Windows 2008 Ad environment. I have made a request for the root CA and copied and signed the CERT, saved the file as a .P7B file, then attempted to import into my issuing CA.
It won't import. The CA service will not start on my Issuing CA either.
I get the following error when I try to start the CS services on my issuing CA.
"The certificate for the CA "mycertname" on "myserver" is missing. Do you want to install this certificate?"
When I say yes and select the signed Cert I got from my Root CA that is stand-a-lone it errors out at well.
The error is;
Cannot find the certificate for CN=Root-CA to build a certificate chain. do you wish to install this certificate now? A certificate
chain could not be built to a trusted root authority. 0x800b010a (-2146762486).

And so I am stuck.

This is a test environment and I have used Enterprise PKI to remove any legacy objects.
0
Comment
Question by:lanman777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 19

Accepted Solution

by:
CoccoBill earned 2000 total points
ID: 36515868
Sounds like you haven't installed the standalone root's CA cert in the trusted root ca store yet. Use "certutil -dspublish -f <rootcertfile.crt> RootCA" to do that, then try again.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question