
How to install Subordinate CA in Windows Server 2012 R2

In this post, I will show you how to install a Subordinate CA when you already have an Enterprise ROOT-CA available in the domain. Installing a Subordinate CA under a ROOT-CA is called a 2-Tier PKI infrastructure. Many organizations use the 2-Tier method to avoid unexpected downtime caused by server failures, threats and vulnerabilities.

The ROOT-CA, or Offline CA, is kept off the production network in an isolated network to prevent misuse of the Certificate Services.

The Subordinate CA, or issuing CA, is used to issue certificates to computers, users and websites.

This post covers how to install the Subordinate CA. Please refer to the article on how to install the ROOT-CA.

Install the Certificate Services role from Server Manager and click on Configure Active Directory Certificate Services on the destination server


Select the Enterprise account of the domain which is allowed to install Certificate Services and click on Next


Select Certificate Authority and Click on Next 


Select Enterprise CA and Click on Next


Select Subordinate CA and Click on Next


Select Create a new private key and Click on Next


Click on Next after selecting the Cryptographic Options


Give the Name for the CA and Click on Next


Most CA administrators keep the ROOT-CA servers offline or in an isolated network, so generate the request file and save it on the local system


Select the Database Location and Log Location paths and Click on Next


Click on Configure


The CA role is now configured, but the CA cannot start yet. We need to take that request file to the ROOT-CA server and get the certificate. Click on Close.


Copy the request file from the saved path to the ROOT-CA server manually.


Log in to the ROOT-CA --> right-click on ROOT-CA --> All Tasks --> Submit new request


Select the request file and click on Open

Once the request is submitted, you will be prompted to save the certificate. Save it in the shared path so it can be taken to the Subordinate CA server.

Now, Click on Certificate Authority in the Subordinate CA Server


Click on Install CA Certificate


Select the Certificate from the Shared path and click on Open


Click on Start Service


Click on Properties once the service has started successfully.

You can see that the certificate is installed and the Subordinate CA is ready to issue certificates.
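
The wizard steps above can also be scripted. The following PowerShell script is an added example, not part of the original post: the CA name, the `C:\CAExchange` folder, the key length and the hash algorithm are assumptions, since the post does not state which values were chosen. Run it once on the Subordinate CA server to create the request, submit the request on the ROOT-CA as described above, then run it again once the issued certificate has been copied back.

```powershell
# Added example. Names, paths and crypto settings are assumptions, not values from the post.
$CAName     = 'Example-Issuing-CA'            # hypothetical CA common name
$Exchange   = 'C:\CAExchange'                 # hypothetical folder for request/certificate files
$Request    = Join-Path $Exchange 'SubCA.req'
$IssuedCert = Join-Path $Exchange 'SubCA.cer'

# Stage 1 (Subordinate CA server): install the role and generate the request file.
if (-not (Test-Path $Request)) {
    Install-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
    New-Item -ItemType Directory -Path $Exchange -Force | Out-Null

    Install-AdcsCertificationAuthority `
        -CAType EnterpriseSubordinateCA `
        -CACommonName $CAName `
        -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
        -KeyLength 4096 `
        -HashAlgorithmName SHA256 `
        -OutputCertRequestFile $Request `
        -DatabaseDirectory "$env:windir\System32\CertLog" `
        -LogDirectory "$env:windir\System32\CertLog" `
        -Force

    # Record the request hash so it can be compared on the ROOT-CA after the manual copy.
    Get-FileHash -Path $Request -Algorithm SHA256 | Format-List
    # Review subject, key size and requested extensions before submitting.
    certutil -dump $Request
}

# Stage 2 (ROOT-CA server) is manual: All Tasks --> Submit new request,
# then save the issued certificate and copy it back as $IssuedCert.
if (-not (Test-Path $IssuedCert)) {
    Write-Warning "Issued certificate not found at $IssuedCert. Submit $Request on the ROOT-CA first."
    return
}

# Stage 3 (Subordinate CA server): check the returned certificate, install it, start the CA.
certutil -dump $IssuedCert        # confirm subject, issuer and that it is a CA certificate
certutil -verify $IssuedCert      # confirm the chain builds to the trusted ROOT-CA
certutil -installcert $IssuedCert
Start-Service certsvc
Get-Service certsvc               # Status should be Running
```

Comparing the SHA256 value printed in Stage 1 with `Get-FileHash` output on the ROOT-CA confirms the request file was not altered during the manual transfer.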
