I'm not experienced with certificates, so I'm learning this as I go. Our subordinate CA cert expired on the 24th. As I understand it, it should have automatically renewed but it didn't. I'm trying to manually renew it but running into problems.
Used instructions from this page. Tried via GUI and command line.
Ran in powershell as administrator
certutil -renewcert
CertUtil: -renewCert command FAILED: 0x8007139f (WIN32: 5023)
CertUtil: The group or resource is not in the correct state to perform the requested operation.
Right clicking on the cert in the certificates MMC and attempting to renew the certificate generates this error:
I've checked the permissions on the template and domain admins have full permissions. Just to be sure, I gave myself explicit permissions on the template but that didn't help anything.
I've gone to the CA-Authority MMC, stopped the service and then tried to renew the CA cert from there and this is the error I get there:
I have no idea where to go from here. I'm sure I've missed some steps or might possibly be looking in the wrong direction all together.