CA and Sub CA question
Hello, I installed a Sub CA because the CA is overseas. My Sub CA doesnt show my issued templates nor does it see the templates from the overseas CA to even issue. Am I missing something? Thanks
May 28th, 2010 4:29pm

I did notice that when I look in the AD Cert Services that my new Sub CA has a Status of Error. If I go into the Sub CA, I see Status OK for the CA Cert, AIA Location #1, CDP Location #1, DeltaCRL Location +1 I get unable to download status msgs for AIA Location #2, DeltaCRL Location #2 and CDP Location #2. CA is definitely new to me. Any info will help immensely. Thanks
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2010 4:45pm

Sorry for the confusion. I fixed the status issues because I didnt have enrollment installed on that server. I still dont understand why my SUB CA cant issue cert templates. If I try to issue cert templates, I dont see any of the ones I created on the Main CA. I find that odd but I dont really know how CAs and Sub CAs work.
May 28th, 2010 4:57pm

Hi, The certificate templates information is stored in the Configuration partition of the AD forest, and therefore please check if the AD replication works properly. In addition, please confirm the Edition of the OS running on the SubCA. Please notice that we cannot add a new version 2 or version 3 certificate template to the CA. For more information, please see the "I cannot add a new version 2 or version 3 certificate template to my CA." section at http://technet.microsoft.com/en-us/library/cc731429.aspx#BKMK_9 Hope the information is helpful.This posting is provided "AS IS" with no warranties, and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
June 1st, 2010 12:05pm

Clarification on Joson's post. For Windows Server 2003, Server 2003 R2, and Server 2008, you must use Enterprise or Data Center edition to issue custom certificate templates (V2 [2003/2003R2/2008] or V3 [2008 only]) For Windows Server 2008 R2, you can use Standard, Enterprise or Data Center editions to issue custom certificate templates. Brian
June 1st, 2010 1:58pm

Brian, i am running standard 2008 R2, and i can create (duplicate) new templates, and i can see them in the Configuration partition. but when i try to issue them they are unavailable in the list. the only thing i see in the list are the ones which (in the certificate templates console) show a minimum CA version of Windows 2000. none of the "windows 2003 enterprise" or "windows 2008 enterprise" templates are available for me to issue.
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2010 5:20pm

On Fri, 10 Dec 2010 22:16:29 +0000, CurtMcgirt wrote: Brian, i am running standard 2008 R2, and i can create (duplicate)?new templates, and i can see them in the Configuration partition. but when i try to issue them they are unavailable in the list. the only thing i see in the list are the ones which (in the certificate templates console) show a minimum CA version of Windows 2000. none of the "windows 2003 enterprise"?or "windows 2008 enterprise" templates are available for me to issue. To keep this issue in one place, please see my response to the new thread you started. <http://social.Technet.microsoft.com/Forums/en-US/winserversecurity/thread/e2b792d6-9eb2-4751-ace5-67f20b5530b6#78d2034b-0ae0-4ca3-8dc5-a21d6e6871be> Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca
December 11th, 2010 12:53am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics