Difference between revisions of "Windows certificate authority subca offline root"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
| − | # | + | # Add New CA Templates |
| + | Certificate Templates are stored in the Active Directory so Windows CAs can share and use the certificate templates but you still need to add them to the CA | ||
| + | |||
| + | ``` | ||
| + | Get-CATemplate | ||
| + | ``` | ||
- You need to click on your Certificate Authority -> <name> -> Certificate Templates -> New -> Certificate Template to Issue or click Manage (manages AD Templates duplicate and modify) | - You need to click on your Certificate Authority -> <name> -> Certificate Templates -> New -> Certificate Template to Issue or click Manage (manages AD Templates duplicate and modify) | ||
Revision as of 18:06, 18 November 2023
Add New CA Templates
Certificate Templates are stored in the Active Directory so Windows CAs can share and use the certificate templates but you still need to add them to the CA
Get-CATemplate
- You need to click on your Certificate Authority ->
-> Certificate Templates -> New -> Certificate Template to Issue or click Manage (manages AD Templates duplicate and modify)
Active Directory Certificate Services denied request 6 because The revocation function was unable to check revocation because the revocation server was offline. 0x80092013
The revocation function was unable to check revocation because the revocation server was offline
Fix - Turn on rootca1 and copy *.crl files to subca(s)
scp rootca1.example.com:\Windows\System32\CertSrv\CertEnroll ./ scp CertEnroll\*.crl ica1.example.com:\Windows\System32\CertSrv\CertEnroll\
Certificate Authority (Local) and right click and start Certificate Authority service and it should come up green