Co-existence of Windows Server Certification Authority (AD CS) and a Non windows Certification Authority Root certificate RRS feed

  • Question

  • Hi All,

    First of all, please excuse me if this is not the correct forum for asking this question.

    I have the following deployment scenario

    1. There exists a Non-windows server generated Root CA certificate, which is used to sign some entity certificates. These entities (devices) are operational.

    2. Now, i am trying to set up a Windows server Certification authority enabling AD CS roles. While configuring AD CS, i chose "chose existing private key" and tried to import the Non windows CA root certificates to the AD CS.

    In windows server 2012, an Error dialogue box pops up with no error information and in Windows server 2008, Error "the selected certificate could not be used" error pops up.

    I investigated this for some time and found that Windows server certificate uses a custom extension called "CA Version" for CA maintenance. Not sure whether this extension which is not present in the non windows CA root, is the reason for incompatibility.

    Kindly let me know if somebody has tried this kind of a scenario where you tried to import non windows root certificate to Windows server CA installation?

    Wednesday, August 27, 2014 11:12 AM