Certificate enrollment request chain not trusted

Posted by makerofthings7 on Server Fault See other posts from Server Fault or by makerofthings7
Published on 2012-04-02T16:22:56Z Indexed on 2012/04/02 17:32 UTC
Read the original article Hit count: 275

I am working on a MSFT lab for Direct Access, and need to create a Web certificate. The instructions ask be to do the following:

  1. On EDGE1, click Start, type mmc, and then press ENTER. Click Yes at the User Account Control prompt.

  2. Click File, and then click Add/Remove Snap-ins.

  3. Click Certificates, click Add, click Computer account, click Next, select Local computer, click Finish, and then click OK.
  4. In the console tree of the Certificates snap-in, open Certificates (Local Computer)\Personal\Certificates.
  5. Right-click Certificates, point to All Tasks, and then click Request New Certificate.
  6. Click Next twice.
  7. On the Request Certificates page, click Web Server, and then click More information is required to enroll for this certificate.
  8. On the Subject tab of the Certificate Properties dialog box, in Subject name, for Type, select Common Name.
  9. In Value, type edge1.contoso.com, and then click Add.
  10. Click OK, click Enroll, and then click Finish.
  11. In the details pane of the Certificates snap-in, verify that a new certificate with the name edge1.contoso.com was enrolled with Intended Purposes of Server Authentication.
  12. Right-click the certificate, and then click Properties.
  13. In Friendly Name, type IP-HTTPS Certificate, and then click OK.
  14. Close the console window. If you are prompted to save settings, click No.

In production, our company has overridden the Web Server template and it doesn't seem to be issuing certificates with the full CA chain. When I look at the issued certificate properties then both tiers of the 2 tier CA hierarchy are missing.

How can I fix this? I'm not sure where to look outside the GUI.

© Server Fault or respective owner

Related posts about Windows

Related posts about active-directory