Creating Standalone root and Enterprise Subordinate

thickSkinthickSkin Member Posts: 45 ■■□□□□□□□□
Good day:
I created a standalone root CA but when i tried creating the enterprise subordinate i get a message that the root ca could not be contacted. The standalone root CA is configured as a workgroup and the subordinate ca is a domain member. They are both on the same subnet and can ping each other. I am new to this, so i really do not know what to do next.

Thanks.

Comments

  • dhendersondhenderson Member Posts: 27 ■□□□□□□□□□
    Im new to this as well but is your Root CA online as well?
  • DragonNOA1DragonNOA1 Member Posts: 149 ■■■□□□□□□□
    thickSkin wrote: »
    i get a message that the root ca could not be contacted.

    How do they contact each other, with DNS? Are they using the same internal DNS server?
    The command line, an elegant weapon for a more civilized age
  • undomielundomiel Member Posts: 2,818
    You'll need to save your certificate request and manually submit it to the root CA. Take a look at the tutorial here, it gets pretty in depth on the whole CA configuration process. Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation - Ask the Directory Services Team - Site Home - TechNet Blogs
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • thickSkinthickSkin Member Posts: 45 ■■□□□□□□□□
    dhenderson wrote: »
    Im new to this as well but is your Root CA online as well?

    Yes the Root CA is online
  • thickSkinthickSkin Member Posts: 45 ■■□□□□□□□□
    DragonNOA1 wrote: »
    How do they contact each other, with DNS? Are they using the same internal DNS server?
    The DNS server is on the enterprise subordinate. I configured the root CA to use it as it's preferred DNS. I was checking again this morning and i got this message " Please make sure there is a CA running on the computer"
  • thickSkinthickSkin Member Posts: 45 ■■□□□□□□□□
    undomiel wrote: »
    You'll need to save your certificate request and manually submit it to the root CA.

    I tried this and it worked. I however got a message saying that the root CA is untrusted.
  • DragonNOA1DragonNOA1 Member Posts: 149 ■■■□□□□□□□
    So how would you go about getting a computer to trust a root CA? Sorry for the questions, just trying to make you think the process through,
    The command line, an elegant weapon for a more civilized age
  • thickSkinthickSkin Member Posts: 45 ■■□□□□□□□□
    DragonNOA1 wrote: »
    So how would you go about getting a computer to trust a root CA? Sorry for the questions, just trying to make you think the process through,

    when i saw the message i immediately knew that there was a problem and i am trying to get it fixed. Just started with a list of what would make it untrusted in the first place and work my way up from there.
Sign In or Register to comment.