Subordinate CA certificate renewed but issuing templates fail

MSP Toolkit
Minimal guidance for messy support realities.
Submitted by Anonymous (not verified) on

Scenario

A CA renewal appears complete, yet new certificate issuance begins failing for previously healthy templates.

Recommended Resolution Path

  1. Review CA service state, chain trust, and template publication after the renewal.
  2. Confirm clients trust the renewed chain and that CRLs are updated.
  3. Test one low-risk template issuance before assuming the CA is fully healthy.
  4. Capture the renewal sequence for future maintenance documentation.

Technician Notes

Capture the exact scope of impact, confirm which dependency failed first, and document whether the issue reflects broader domain or server drift.

Subjects
Servers & Infrastructure
Certificate Services