Two tier Certificate Services deployment with root CA in stand-a-lone and issuing CA in domain. Can't apply root certificate to issuing CA.

Windows 2008 Ad environment. I have made a request for the root CA and copied and signed the CERT, saved the file as a .P7B file, then attempted to import into my issuing CA.
It won't import. The CA service will not start on my Issuing CA either.
I get the following error when I try to start the CS services on my issuing CA.
"The certificate for the CA "mycertname" on "myserver" is missing. Do you want to install this certificate?"
When I say yes and select the signed Cert I got from my Root CA that is stand-a-lone it errors out at well.
The error is;
Cannot find the certificate for CN=Root-CA to build a certificate chain. do you wish to install this certificate now? A certificate
chain could not be built to a trusted root authority. 0x800b010a (-2146762486).

And so I am stuck.

This is a test environment and I have used Enterprise PKI to remove any legacy objects.
lanman777Asked:
Who is Participating?
 
CoccoBillConnect With a Mentor Commented:
Sounds like you haven't installed the standalone root's CA cert in the trusted root ca store yet. Use "certutil -dspublish -f <rootcertfile.crt> RootCA" to do that, then try again.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.