Forum Discussion

Ronald-van-der-Meer's avatar
Ronald-van-der-Meer
Iron Contributor
Mar 11, 2026

Issue with creating an issuing CA in Cloud PKI

I have activated an trial license for Cloud PKI a couple of days ago. I follow this guide to create a Root and Issuing CA https://oliverkieselbach.com/2024/03/04/how-to-configure-cloud-pki-certifica...
Cloud PKI
Intune
Ronald-van-der-Meer's avatar
Ronald-van-der-Meer
Iron Contributor
Mar 11, 2026

I solved it but not in a way i was expecting it.
I had configured the root CA validity at 25 years and the Issuing CA at 10 years. That failed.
I now lowered the validity of the issuing CA to 8 years. That worked.

Is there known issue that selected 10 years results in this error?

PaulJebastin's avatar
PaulJebastin
Brass Contributor
Apr 30, 2026

Thank you for the update.

Could be a known issue or also could be a backend service validation (just my guess). 

The only officially authoritative way to confirm whether this is a bug or an intentional backend limit, is to open a Microsoft support case. Internally they can see the validation rule that caused the failure  something not exposed publicly or they just need to update their documentation up-to 8 years for Issuing CA.

https://learn.microsoft.com/en-us/intune/cloud-pki/configure-ca?utm_source=chatgpt.com#step-2-create-issuing-ca-in-admin-center