Renew Issuing CA Certificate - Will not renew or allow installation of new certificate

-

we have 2 issuing ca's. lets call first 1 ca1 , second ca2.

both point intermediate ca server offline have turned on.

so followed below steps on ca2 renew issuing certificates:

      • log onto issuing ca , open certificate authority mmc
      • right click on issuing ca > tasks > renew ca certificate
      • press yes stop ad certificate services
      • press no generate new public/private pair
      • a box appeared asking the computer-name of online ca send request asking parent ca

      i clicked browse , select ca1 fqdn computer name along parent ca again ca1 , appeared option. seemed little odd me seeing want renew certificate of issuing ca2 sending request parent ca , not fellow issuing ca.

      whilst considering of resorting offline/manual way of going this, accidentally clicked ok.

      so has not generated certificate certificate coming issuing ca , thinks instead of pointing intermediate or root certificate ca did, instead points ca1 not intermediate or root ca.

      the issuing certificate on ca2 runs out in 2 weeks , not let me install certificate manually.

      this tried manual way follows:

      • looked on c drive ad see req file
      • sent request file on c drive root ca
      • now go root ca , open certificate authority mmc
      • right click root ca > tasks > submit new request
      • select req file have copied onto root ca , select ok
      • now go pending requests , issue certificate requested
      • now go issued certificates
      • double click certificate have issued , go details tab
      • select copy file
    • export certificate cer file , copy certificate on issuing ca2
  • i went issuing ca2 , right clicked on ca2 in certificate authority > tasks >

but “install certificate” option no longer showing

answers or of below quesyions appreciated ;)      

  1.        is there fix getting install certificate option in ‘all tasks’?
  2.        if not there other way of renewing certificate?
  3.        is there way around or way revert previous certification state?

would fact ad integrated cause issue preventing further renewals?

please note tried importing cer file in personal certificates on ca2 again when check see if updated, still points issuing ca1 instead of intermediate/root ca information provided cer file imported in personal certificate 

thanks in advance 

hi,

if "install ca certificate" is missing in gui, can use command line install certificate.

certutil -installcert path_of_your_cert

note: after installation, need restart ca let change take effect.

best regards.

steven lee please remember mark replies answers if , unmark them if provide no help. if have feedback technet support, contact tnmff@microsoft.com.




Windows Server  >  Windows Server 2012 General



Comments

Post a Comment