Forum Discussion
Issue with creating an issuing CA in Cloud PKI
I solved it but not in a way i was expecting it.
I had configured the root CA validity at 25 years and the Issuing CA at 10 years. That failed.
I now lowered the validity of the issuing CA to 8 years. That worked.
Is there known issue that selected 10 years results in this error?
Thank you for the update.
Could be a known issue or also could be a backend service validation (just my guess).
The only officially authoritative way to confirm whether this is a bug or an intentional backend limit, is to open a Microsoft support case. Internally they can see the validation rule that caused the failure something not exposed publicly or they just need to update their documentation up-to 8 years for Issuing CA.
https://learn.microsoft.com/en-us/intune/cloud-pki/configure-ca?utm_source=chatgpt.com#step-2-create-issuing-ca-in-admin-center
Thanks for that..
Seems like a bug that shouldn't be limited to 8 years (if 8 is the Max then why allowing 10 as an option??).
Thanks for sharing, I was stuck on exactly the same thing.
Lowering the validity of the issuing CA to 8 years did the trick.
Hi, just wanted to leave a comment here to thank you for troubleshooting this! Great work!
Changing from 10 to 8 years on the issuing CA solved it for us as well
Great job with the UI and error messages, Microsoft 😒
