Public Key Infrastructure (PKI) Basics #2 – Subordinate CA Installation

Part one can be found here.

Add the role

Configure Active Directory/Certificate Authority
Navigate to the C:\ drive and locate the signing request.
Verify that the certificate service was installed.
Configure the Root CA Edit the CRL on the root CA.

Right-click on the root CA > click properties > click the extensions tab > click add

Edit the CRL Distribution Point
Edit the Authority Information Access (AIA) section
Extend the revoked certificate properties > Extend the CRL publication interval.

Right-click on the “revoked certificates.” > properties

Publish the changes
The cert files can be found here…

Copy the cert request from the intermediate CA to the Root CA.

Map a network share

Note: Copy the following files from the Root CA to the intermediate CA file path.

From the root CA.

To the intermediate CA


Go to the root CA

Right-click on the root certificate

The submitted file can be found under the “pending requests” certificate folder and must be manually approved.

Right-click on the “pending requests” folder

The issued certificate will be moved to the “issued certificates” folder

Export the Certificate

Open the certificate

Export the desired formats.

Two files were extracted and saved

Log into the intermediate CA and Install the Certificate

Go to the certificate authority

Right-click on the CA

The certificate will be installed. Start the service.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.