08. Install and Configure Enterprise Subordinate Root CA Part-1
Рет қаралды 37,600
Күн бұрын
@mohittandon1931 26 күн бұрын
You have an excellent presentation kills. Literally speaking awesome explanation explaining the smallest of things - so much focus you have; Kindly let me know what you do to maintain so much focus.
@fbifido2 3 жыл бұрын
@17:16 - what are the default templates needed for ADCS to operate properly in Windows Server 2019 & Windows 10 network ??? Users Computers OCSP Domain Controller web server RDP Cert
@mohittandon1931 13 күн бұрын
at 16:09 by mistake instead of choosing install CA, i did request CA certificate; i realised later, but how can i fix it? after realising I am not getting otion to install CA.
@lahirunimnajith3519 11 ай бұрын
thank you brother
@gauravkadam7964 4 жыл бұрын
you are great man, this video helped me a lot. thanks..
@paultt66 4 жыл бұрын
I ended up getting the AIA location in PKIview as the same location as the CDP. The entire URL with the .crl not the .crt. Not sure what happened.
@robertjude7880 Жыл бұрын
why is my Sub CA server certificate showing only 1year validity... where have i gone wrong.
@leonardolemos1003 Жыл бұрын
On which server should I run the certutil.exe commands (minute 4:00) (root - subordinate or domain controller) ?
@MSFTWebCast Жыл бұрын
On member server where you are planning to setup enterprise subordinate CA. So it may be member server or domain controller as per your setup. I have used dedicated member server for enterprise subordinate CA.
@leonardolemos1003 Жыл бұрын
@@MSFTWebCast Thanks for the answer, in my project the server with the CA Subordinate role is independent from the Domain Controller, I have followed all the steps according to your explanation, but when executing the certutil.exe -dsPublish commands, it returns the following error : DecodeFile returned The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND) Could not load Certificate or CRL from file (The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)) CertUtil: -dsPublish command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND) CertUtil: The system cannot find the file specified.
@gertthoonen7101 Жыл бұрын
Hi, my CDP and AIA not updating. If I look in pkiview and copy the URL, I can reach the URL but my files are not there :-( If I copy the generated files from C:\Windows\System32\certsrv\CertEnroll to the URL directory then it is all ok. I miss something in writing to the folder, I gave full control to "cert publisher". Please Help?
@gertthoonen7101 Жыл бұрын
Anyone???
@GohWenShin0107 2 жыл бұрын
Hi, how could I change the DeltaCRL Location http url? Seem like I couldn't change under CDP extension, it doesn't take effect... please help me...
@MSFTWebCast 2 жыл бұрын
Go to CA properties. Click the Extensions tab. Make sure that Select extension is set to CRL Distribution Point (CDP). From the Specify locations, add or remove the locations.
@GohWenShin0107 2 жыл бұрын
@@MSFTWebCast Yes, I did that but it doesn't help. At first, I followed your guide to set to www. but the status of AIA, CDP and DeltaCRL still showed "Unable To Download" even after enabling "Directory Browsing" on IIS. Then I changed the to FQDN of the Subordinate CA server, the status of AIA and CDP changed to "OK", but DeltaCRL is still "Unable To Download" and the URL is still showing the old that I set, which is "www.". Any other ways to change it? I have already tried a few times remove and add but still doesn't work on DeltaCRL...
@robertjude7880 Жыл бұрын
and in the template why am i see duplicate template. all the template are dual.
@Manu--wc9yq Жыл бұрын
Does anyone has the problem that once install the subordinate CA the LDAP Still appearing as Unable to download? In ADSIedit, appears the respective Enterprise CA CRLs and CDPs, but does not update in the PKIview, do you have an Idea?
@ianwillis5292 4 ай бұрын
did you ever figure this out? im seeing the same thing right now
@swatisharma7691 2 жыл бұрын
What will happen if loaddefaulttemplate =0 on ca policy. Inf. Will the default template be visible on enterprisecA?
@MSFTWebCast 2 жыл бұрын
Yes, setting the LoadDefaultTemplates=0 prevent the default templates from being added to the Enterprise CA. By default the value is 1 so the default templates are added automatically.
@rohithsaran6749 4 жыл бұрын
You didn't showed that to install AD certificate server role on member server.Do we need to install?if we didn't install we won't be able to execute commands on PS with cerutil
@alexey256 2 жыл бұрын
Could you please post here the commands from your notepad?
@MSFTWebCast 2 жыл бұрын
Here you go: Notepad C:\Windows\CAPolicy.inf [Version] Signature=”$Windows NT$” [PolicyStatementExtension]Policies=InternalPolicy[InternalPolicy] OID= 1.2.3.4.1455.67.89.5[Certsrv_Server]RenewalKeyLength=4096 RenewalValidityPeriod=Years RenewalValidityPeriodUnits=10 LoadDefaultTemplates=0 Save the file. certutil.exe -dsPublish -f "C:\NameofCert with .crt" RootCA certutil.exe -dsPublish -f "C:\NameofCert with .crl" RootCA certutil.exe -addstore -f root "C:\NameofCert with .crt" certutil.exe -addstore -f root "C:\NameofCert with .crl"
@zephteo6029 Жыл бұрын
@@MSFTWebCast Hello there, love the video and the walk through, i would like to ask you how you know what OID to use
@MSFTWebCast Жыл бұрын
@@zephteo6029 The OID (Object ID) I used in this example is the Microsoft OID. You can get your own OID via PEN registration on IANA.
@justjonvlogs9178 Жыл бұрын
Wheres the file to copy paste?
@MSFTWebCast Жыл бұрын
Sorry. Here is the text. [Version] Signature=”$Windows NT$” [PolicyStatementExtension]Policies=InternalPolicy[InternalPolicy] OID= 1.2.3.4.1455.67.89.5 [Certsrv_Server] RenewalKeyLength=4096 RenewalValidityPeriod=Years RenewalValidityPeriodUnits=10 LoadDefaultTemplates=0
@ahmedsaad-lk2og 2 жыл бұрын
okk
@ArifMuradl 9 ай бұрын
amazing. I understand nothing ))))
@MSFTWebCast 9 ай бұрын
Try again.
@ArifMuradl 9 ай бұрын
@@MSFTWebCast just a joke bro. Thank you for the video
NetworkConfigChris
Рет қаралды 4,9 М.