Thank you for the heads up about the enterprise admins membership and the periods, they solved my "cannot verify certificate chain" error.
@mariob47353 ай бұрын
Hello, I'm facing the same issue here, I'm installing everything with default Administrator account that's already in Enterprise Admins group. This is my homelab infastructure so I think it's fine :) I still have the issue though, I even started rootCA back if it matters but it didn't help. Any ideas? EDIT: I found it! It was DNS, or rather typo in CNAME that pointed to "clr" instead of "crl". Setting this up at 1AM is not the best idea haha
@ericneo23 ай бұрын
@@mariob4735 Double check your rootca url points to your intermediate, put DNS entries for both, add "Enterprise Admins group" to your Domain Admin account and on the rootca before signing the request set the following: certutil -setreg CA\CRLPeriodUnits 6 certutil -setreg CA\CRLPeriod "Months" certutil -setreg CA\ValidityPeriodUnits 5 certutil -setreg CA\ValidityPeriod "Years"
@kendalwhite17258 ай бұрын
Thanks for the video. One issue I'm running into is when importing the subordinate certificate into the Certification Authority, I get an error message "Cannot verify certificate chain. The revocation function was unable to check revocation because the revocation server was offline." Any thoughts?
@ericneo28 ай бұрын
Same. No one seems to have an answer online. The only thing that makes sense to me is the URL for the root CA in the signed certificate is unreachable or some service that is suppose to respond isn't doing so. Possible solution: The Domain Admin account that you use on the sub/intermediate CA at 4:24 needs to have Enterprise Admins group added. By default Domain Admin accounts are missing the Enterprise Admins membership.
@riccardorighetti56322 ай бұрын
Hey man, next time zoom in the windows you focus in. Text was totally unreadable! You had a ton of viewport space totally useless and the space you were working was totally unreadable!