elway7MemberOct 24, 2011 at 5:11 pm #156580
I am trying to set up the following environment: Standalone Root CA and Enterprise Sub CA, both running windows 2008 R2 core.
To set up the ROOT CA i have done the following:
Install the Certificate Services Roll by typing the following at the command line:
Cscript C:WindowsSystem32setupca.vbs /IS /sn RootCA /sp “RSA#Microsoft Software Key Storage Provider” /sk 2048 /sa SHA256 /SV 20
Run the following commands on the ROOT CA to set the issuing validity period to 20 years
certutil -setreg caValidityPeriod “Years”
certutil -setreg caValidityPeriodUnits “20”
net stop certsvc & net start certsvc
Install the CRL List in Active Directory by running the following commands
Certutil –setreg caDSConfigDN “CN=Configuration, DC=Test,dc=local”
Certutil –setreg caDSDomainDN “DC=Test,dc=local”
Net stop certsvc & net start certsvc
Certutil –dspublish –f “C:windowssystem32CertSrvCertEnrollRoot CA.crl”
For the SUB CA I run the follwoing command:
Cscript C:WindowsSystem32setupca.vbs /IF /sn “Sub CA” /DN DC=DC=Test,dc=local /sp “RSA#Microsoft Software Key Storage Provider” /sk 2048 /sa SHA256 /OR “C:CASUBReq.req”
I then submit the request to the ROOT CA and subsequently issue the pending request. When I try to accept the response using the certreq -accept command I get the following error:
“Certificate Request Processor: Cannot Find object or property”
and of course the SUB CA will not start as it does not have a vaild certificate.
I have even tried to create a new certificate and although i can import it using the certreq -accept command the service will not start correctly.
Any help would be appreciated…
Thanks in advance
You must be logged in to reply to this topic.