📄️ Setup Overview
In this section we will add the previously created example AD CS role to the Subordinate CA Server, which must be a member of the domain. Please adhere to the following prerequisites, as they are required for this section:
📄️ Setup the AD CS Role
Install AD CS Role
📄️ Signing CSR with Root CA
Copy the subordinate CA’s request file (.req) from the subordinate CA to the root CA to obtain a certificate in .p7b format that contains the complete certificate chain for the subordinate CA. On the root CA server, open the CA console and submit the request file, Demo-CAS.hsmdemo.test_hsmdemo-DEMO-CAS-CA.req, as shown below.
📄️ Adapting Publication Points
For more flexibility, use DNS names that point to the Sub-CA, the IIS web server and an external web server. To adapt the publication points, follow the steps below:
📄️ Publishing Certificate Revocation List
In certsrv, in the Explorer pane, expand our SUBCA, right-click Revoked Certificates, point to All Tasks, and then click Publish.
📄️ Distributing Root CA Certificate to Domain
- At this point, distribute the root CA certificate to the domain by importing it into Trusted Root CA under Public Key Policies in a GPO at the intended domain level. The subordinate CA is then in place.