Hey folks! I'm just diving into Active Directory Certificate Services (AD CS) and I'm trying to set up an Enterprise subordinate Certificate Authority (CA). My setup includes a Domain Controller (DC01), an Offline Standalone Root CA (APP010), the Enterprise subordinate CA (APP011), and an IIS Webserver (APP012). I've managed to follow the setup instructions and completed most of the steps, but I'm running into an issue at step 60. I get an error stating that the 'CertUtil: -installCert command FAILED: 0x80070002' and that the file cannot be found. I've already verified that the document is accessible and even tried importing the certificate using Import-Certificate and installing the certificate chain in p7b format. I'd appreciate any guidance on how to resolve this!
2 Answers
Double-check where your cert file is located. If it's on a virtual floppy image or a different drive, that could be causing the error. Try copying it to a temp folder on the subordinate server and then run the command again from there. It might just need that direct access to find the file!
It sounds like you need to ensure you’re pointing to the correct path for the signed certificate when running the install command. Make sure you provide the full path and that you're using an elevated command prompt to make this work properly. Once you have that in place, it should go through!
Yeah, I’m stuck as well. I’m using a Domain Admin account for the installation but still running into issues. Might be something else that needs checking.
The cert file is actually in C:CASetup. I'll try moving it to a temp folder to see if that fixes the issue. Thanks for the suggestion!