Posted October 24, 201113 yr I am trying to set up the following environment: Standalone Root CA and Enterprise Sub CA, both running windows 2008 R2 core. To set up the ROOT CA i have done the following: Install the Certificate Services Roll by typing the following at the command line: Cscript C:\Windows\System32\setupca.vbs /IS /sn RootCA /sp "RSA#Microsoft Software Key Storage Provider" /sk 2048 /sa SHA256 /SV 20 Run the following commands on the ROOT CA to set the issuing validity period to 20 years certutil -setreg ca\ValidityPeriod "Years" certutil -setreg ca\ValidityPeriodUnits "20" net stop certsvc & net start certsvc Install the CRL List in Active Directory by running the following commands Certutil setreg ca\DSConfigDN CN=Configuration, DC=Test,dc=local Certutil setreg ca\DSDomainDN DC=Test,dc=local Net stop certsvc & net start certsvc Certutil dspublish f C:\windows\system32\CertSrv\CertEnroll\Root CA.crl For the SUB CA I run the follwoing command: Cscript C:\Windows\System32\setupca.vbs /IF /sn Sub CA /DN DC=DC=Test,dc=local /sp "RSA#Microsoft Software Key Storage Provider" /sk 2048 /sa SHA256 /OR "C:\CA\SUBReq.req" I then submit the request to the ROOT CA and subsequently issue the pending request. When I try to accept the response using the certreq -accept command I get the following error: Certificate Request Processor: Cannot Find object or property and of course the SUB CA will not start as it does not have a vaild certificate. I have even tried to create a new certificate and although i can import it using the certreq -accept command the service will not start correctly. Any help would be appreciated... Thanks in advance
October 25, 201113 yr Are you sure this is correct? /DN DC=DC=Test,dc=local It should be: /DN DC=Test,dc=local Maybe I'm wrong... but this is my only idea. -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
October 25, 201113 yr So I think your problem is the private key, in some way Windows cannot find it anymore and so cannot associate the pair. I found this article, http://technet.microsoft.com/en-us/library/dd362655.aspx but it is useless because you need the GUI in order to proceed. No idea, sorry. -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
