Certificate Services – SUB CA Issue

Home Forums Server Operating Systems Windows Server 2008 / 2008 R2 Certificate Services – SUB CA Issue

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    elway7
    Member
    #156580

    I am trying to set up the following environment: Standalone Root CA and Enterprise Sub CA, both running windows 2008 R2 core.

    To set up the ROOT CA i have done the following:
    Install the Certificate Services Roll by typing the following at the command line:
    Cscript C:WindowsSystem32setupca.vbs /IS /sn RootCA /sp “RSA#Microsoft Software Key Storage Provider” /sk 2048 /sa SHA256 /SV 20
    Run the following commands on the ROOT CA to set the issuing validity period to 20 years

    certutil -setreg caValidityPeriod “Years”
    certutil -setreg caValidityPeriodUnits “20”
    net stop certsvc & net start certsvc

    Install the CRL List in Active Directory by running the following commands
    Certutil –setreg caDSConfigDN “CN=Configuration, DC=Test,dc=local”
    Certutil –setreg caDSDomainDN “DC=Test,dc=local”
    Net stop certsvc & net start certsvc
    Certutil –dspublish –f “C:windowssystem32CertSrvCertEnrollRoot CA.crl”

    For the SUB CA I run the follwoing command:

    Cscript C:WindowsSystem32setupca.vbs /IF /sn “Sub CA” /DN DC=DC=Test,dc=local /sp “RSA#Microsoft Software Key Storage Provider” /sk 2048 /sa SHA256 /OR “C:CASUBReq.req”

    I then submit the request to the ROOT CA and subsequently issue the pending request. When I try to accept the response using the certreq -accept command I get the following error:
    “Certificate Request Processor: Cannot Find object or property”
    and of course the SUB CA will not start as it does not have a vaild certificate.

    I have even tried to create a new certificate and although i can import it using the certreq -accept command the service will not start correctly.

    Any help would be appreciated…

    Thanks in advance

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.