Windows certificate authority subca offline root

From UVOO Tech Wiki
Revision as of 18:47, 20 November 2023 by Busk (talk | contribs)
Jump to navigation Jump to search

Add New CA Templates

Certificate Templates are stored in the Active Directory so Windows CAs can share and use the certificate templates but you still need to add them to the CA 

Get-CATemplate
  • You need to click on your Certificate Authority -> -> Certificate Templates -> New -> Certificate Template to Issue or click Manage (manages AD Templates duplicate and modify)
Active Directory Certificate Services denied request 6 because The revocation function was unable to check revocation because the revocation server was offline. 0x80092013

https://learn.microsoft.com/en-us/answers/questions/1320695/the-revocation-function-was-unable-to-check-revoca 

The revocation function was unable to check revocation because the revocation server was offline

Fix - Turn on rootca1 and copy *.crl files to subca(s) 

scp rootca1.example.com:\Windows\System32\CertSrv\CertEnroll ./
scp CertEnroll\*.crl ica1.example.com:\Windows\System32\CertSrv\CertEnroll\

Certificate Authority (Local) and right click and start Certificate Authority service and it should come up green

You can try this as well

Retrieved from "https://tech.uvoo.io/index.php?title=Windows_certificate_authority_subca_offline_root&oldid=4691"