Trouble getting a certificate from an offline root CA to an issuing subordinate Enterprise CA?
I apologize if I am missing something incredibly basic here. The situation is as follows: I have an Active Directory domain running on a 2008 domain function level. I have configured a standalone root CA (which is on a separate 2008 system from the DC). I am attempting to set up an issuing CA on yet another 2008 box, and this is where I am having trouble.

Thus far I have installed the Certificate Authority Role, but during install I could not browse the network for a CA (rather, it did not see any). I was able to browse by the root CA's name and it seemed for a time that everything was going to work out just fine. After the install was completed I got a warning message that Active Directory Certificate Services installation is incomplete. It indicates that I must use the request file to request a certificate from the parent CA...

Not to sound like an idiot, but this is where I am having issues. I have the .req file that was automatically generated but cannot determine how to submit that request. My research thus far indicates that I should not use the online request method by browsing to http://rootservername/certsrv so I'm not sure what to do. I would be most grateful if someone can help me figure out how to get this final step completed.

Thank you,

---

To update my question: I found out that the request had actually been issued to the root server, and I have gone to the root CA and into the certificate authority area and issued the pending certificate. I am still working on this but would be most grateful for any assistance: I now need to figure out how to download the certificate so I can import and install it on the subordinate CA.

Thanks again,
October 22nd, 2010 4:11pm

Maybe this is the information you are looking for?

Export a Certificate with the Private Key
http://technet.microsoft.com/en-us/library/cc754329.aspx

Import a Certificate
http://technet.microsoft.com/en-us/library/cc754489.aspx
October 22nd, 2010 9:54pm

matrixx016, this is not the answer for the current case.

McServer, you need to copy your .req file to the Offline Root CA server.

On the Standalone Root CA server:
Open the Certification Authority MMC snap-in, select the root node, right-click on it, select All tasks and select Submit new request. In the open certificate request dialog window locate your request file and click Open. If no error appears, select the Pending requests node (in the same MMC snap-in) and locate the most recent request. Right-click on it, select Actions and Issue. After that the issued certificate should appear (if no errors were found in the request file) in the Issued Certificates node. Double-click on the newly issued certificate, switch to the Details tab and press the Copy to a file button. Export the certificate (without private key) to a file and transfer it to the Subordinate CA server.

On the Subordinate CA server:
Open the Certification Authority MMC snap-in. You will see that certificate services are not running. Right-click on the root node, select All tasks and select Install CA Certificate. In the Open File dialog window locate and select the transferred certificate file. After that the CA server is ready to run and serve certificate requests.

Though, there is a common error when you try to install the SubCA certificate. The reason is that the CA server is unable to perform a revocation check on its own certificate due to Root CA CRT/CRL file unavailability. Therefore, after Root CA setup you need to configure CRT/CRL distribution points to public locations so each client will be able to access them.

http://en-us.sysadmins.lv
October 23rd, 2010 5:48am
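
The same submit, issue, export and install sequence from the command line with certreq and certutil, as an added example that is not part of the original answer. The CA config string and file paths are constructed placeholders; run the first part on the root CA and the second on the subordinate.

```powershell
# --- On the standalone root CA ---
# Constructed placeholder values; replace with your own.
$RootConfig = 'ROOTCA01\Example Root CA'   # "<host name>\<CA name>"
$ReqFile    = 'C:\transfer\subca.req'      # request file copied from the subordinate
$CertFile   = 'C:\transfer\subca.cer'      # issued certificate, public part only

# Submit the request. A standalone CA normally leaves it pending,
# in which case no certificate file is written yet.
$out = certreq -submit -config $RootConfig $ReqFile $CertFile 2>&1 | Out-String
if ($out -notmatch 'RequestId:\s*(\d+)') {
    throw "No RequestId in certreq output:`n$out"
}
$id = $Matches[1]

if (-not (Test-Path $CertFile)) {
    # Issue the pending request, then retrieve the certificate to a file.
    certutil -config $RootConfig -resubmit $id
    certreq -retrieve -config $RootConfig $id $CertFile
}

# --- On the subordinate CA, after transferring subca.cer ---
$CertFile = 'C:\transfer\subca.cer'        # constructed placeholder path

# Build the chain and fetch the CDP/AIA URLs named in the certificate.
# Unreachable root CA CRT/CRL locations show up here, before the
# install step fails on the revocation check described above.
certutil -verify -urlfetch $CertFile

# Install the CA certificate and start Certificate Services.
certutil -installcert $CertFile
Start-Service certsvc
```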

Thank you, This information was very clear and solved the problem I was having getting the subordinate online.
October 24th, 2010 11:21am

This topic is archived. No further replies will be accepted.
