Forum Discussion
Issue with creating an issuing CA in Cloud PKI
I activated a trial license for Cloud PKI a couple of days ago.
I followed this guide to create a Root and Issuing CA: https://oliverkieselbach.com/2024/03/04/how-to-configure-cloud-pki-certificate-based-wifi-with-intune/
I could create a root certificate successfully, but when I want to create an issuing certificate I'm getting this error: 'CA failed to be created'
I have waited a couple of hours to try it again but still no luck.
What can cause this issue and how can I solve it?
5 Replies
- Ronald-van-der-Meer, Iron Contributor
I solved it, but not in the way I was expecting.
I had configured the root CA validity at 25 years and the Issuing CA at 10 years. That failed.
I now lowered the validity of the issuing CA to 8 years. That worked.
Is there a known issue where selecting 10 years results in this error?
- PaulJebastin, Brass Contributor
Thank you for the update.
Could be a known issue or also could be a backend service validation (just my guess).
The only officially authoritative way to confirm whether this is a bug or an intentional backend limit is to open a Microsoft support case. Internally they can see the validation rule that caused the failure, something not exposed publicly, or they just need to update their documentation to up to 8 years for the Issuing CA.
https://learn.microsoft.com/en-us/intune/cloud-pki/configure-ca?utm_source=chatgpt.com#step-2-create-issuing-ca-in-admin-center
- MatanTal, Copper Contributor
Thanks for that.
Seems like a bug; it shouldn't be limited to 8 years (if 8 is the max, then why allow 10 as an option?).
- Humble-IT-Guy, Copper Contributor
Thanks for sharing, I was stuck on exactly the same thing.
Lowering the validity of the issuing CA to 8 years did the trick.