Two tier Certificate Services deployment with root CA in stand-a-lone and issuing CA in domain. Can't apply root certificate to issuing CA.
Posted on 2011-09-09
Windows 2008 Ad environment. I have made a request for the root CA and copied and signed the CERT, saved the file as a .P7B file, then attempted to import into my issuing CA.
It won't import. The CA service will not start on my Issuing CA either.
I get the following error when I try to start the CS services on my issuing CA.
"The certificate for the CA "mycertname" on "myserver" is missing. Do you want to install this certificate?"
When I say yes and select the signed Cert I got from my Root CA that is stand-a-lone it errors out at well.
The error is;
Cannot find the certificate for CN=Root-CA to build a certificate chain. do you wish to install this certificate now? A certificate
chain could not be built to a trusted root authority. 0x800b010a (-2146762486).
And so I am stuck.
This is a test environment and I have used Enterprise PKI to remove any legacy objects.