Can you help with 2-tier PKI on second issuing CAs on same Root CA?
PKI, CA, Public key infrastructure, Certificate Authority, Windows Server, ADCS, Active Directory, Server Manager, Issuing CA, Root CA, Subordinate CA, Azure

I am running into an issue and hoping someone can help me. We were asked to set up a new Root CA and 2 subordinate (issuing) CAs under it (the request includes using Azure and placing each VM in a different region for redundancy). We issued the root and first subordinate CA, but on the second subordinate CA we are getting 2 errors.

- The first is one that we had the option to ignore and did so; it is "Cannot verify certificate chain. Do you wish to ignore the error and continue? The revocation function was unable to check revocation because the revocation server was offline. 0x80092013"
- When we clicked OK and ran it anyway, we got "Certutil: -installCert command FAILED: 0x8007139f (WIN32: 5023 ERROR_INVALID_STATE) CertUtil: The group resource is not in the correct state to perform the requested operation."

The weird thing is it said everything went well and we just needed to restart for it to take effect, and then gave us the second error. All this is in Windows Server 2016.

We used this Instruction. Part 2 is the part where the issuing CAs start. We followed the same instructions for the second one, but as stated above, it didn't work out.

30-09-2022 21:20:45