Windows certificate authority subca offline root

From UVOO Tech Wiki
Revision as of 18:03, 18 November 2023 by Busk (talk | contribs)
Jump to navigation Jump to search

If adding to existing Domain Add New CA Templates

  • You need to click on your Certificate Authority -> -> Certificate Templates -> New -> Certificate Template to Issue or click Manage (manages AD Templates duplicate and modify)
Active Directory Certificate Services denied request 6 because The revocation function was unable to check revocation because the revocation server was offline. 0x80092013

https://learn.microsoft.com/en-us/answers/questions/1320695/the-revocation-function-was-unable-to-check-revoca 

The revocation function was unable to check revocation because the revocation server was offline

Fix - Turn on rootca1 and copy *.crl files to subca(s) 

scp rootca1.example.com:\Windows\System32\CertSrv\CertEnroll ./
scp CertEnroll\*.crl ica1.example.com:\Windows\System32\CertSrv\CertEnroll\

Certificate Authority (Local) and right click and start Certificate Authority service and it should come up green

Retrieved from "https://tech.uvoo.io/index.php?title=Windows_certificate_authority_subca_offline_root&oldid=4686"