Solved

Two tier Certificate Services deployment with root CA in stand-a-lone and issuing CA in domain. Can't apply root certificate to issuing CA.

Posted on 2011-09-09
1
1,196 Views
Last Modified: 2012-05-12
Windows 2008 Ad environment. I have made a request for the root CA and copied and signed the CERT, saved the file as a .P7B file, then attempted to import into my issuing CA.
It won't import. The CA service will not start on my Issuing CA either.
I get the following error when I try to start the CS services on my issuing CA.
"The certificate for the CA "mycertname" on "myserver" is missing. Do you want to install this certificate?"
When I say yes and select the signed Cert I got from my Root CA that is stand-a-lone it errors out at well.
The error is;
Cannot find the certificate for CN=Root-CA to build a certificate chain. do you wish to install this certificate now? A certificate
chain could not be built to a trusted root authority. 0x800b010a (-2146762486).

And so I am stuck.

This is a test environment and I have used Enterprise PKI to remove any legacy objects.
0
Comment
Question by:lanman777
1 Comment
 
LVL 19

Accepted Solution

by:
CoccoBill earned 500 total points
ID: 36515868
Sounds like you haven't installed the standalone root's CA cert in the trusted root ca store yet. Use "certutil -dspublish -f <rootcertfile.crt> RootCA" to do that, then try again.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Resolve DNS query failed errors for Exchange
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now