I'm configuring a CRL online responder, but running into a problem. The configuration is as simple as could be, I would think -- a fresh Server 2016 install, Enterprise root CA. I go through the revocation config creation wizard as described in an MCSA guide book, signing the config with the CA certificate. There are no other certs to use, and this one is valid.
But when complete, the status is "Bad signing certificate on array controller". I have googled this and the fix seems to be to click "Assign Signing Certificate" and select the cert again there, but for me this is greyed out.
Any ideas?
Turns out there was another step required in configuring certificate services which is easy to miss (for a Windows novice anyway). If you install the feature with the CLI -- "Add-WindowsFeature ADCS-Online-Cert" -- you will miss a post-install config step which won't present itself until you next open Server Manager. When you do, click on the notification flag, then 'next' through the dialog boxes. Without this step you can still configure the online responder, but it will be invalid.
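
The post-install step described in the answer can also be run from PowerShell with the Install-AdcsOnlineResponder cmdlet instead of the Server Manager notification. The script below is an added example, not part of the original answer; it assumes an elevated PowerShell session on the server that hosts the Online Responder.

```powershell
#Requires -RunAsAdministrator
# Added example: install the Online Responder role service and run its
# post-install configuration without opening Server Manager.

$feature = 'ADCS-Online-Cert'   # role service name used in the answer above

# 1. Install the role service binaries if they are not present yet.
if (-not (Get-WindowsFeature -Name $feature).Installed) {
    $install = Install-WindowsFeature -Name $feature -IncludeManagementTools
    if (-not $install.Success) {
        throw "Installing $feature failed."
    }
    if ($install.RestartNeeded -eq 'Yes') {
        Write-Warning 'Restart the server, then run this script again.'
        return
    }
}

# 2. Run the post-install configuration, the step that Server Manager
#    otherwise offers through its notification flag. -Force suppresses
#    the confirmation prompt. If the role service is already configured,
#    the cmdlet reports an error, which is shown as a warning here.
try {
    Install-AdcsOnlineResponder -Force -ErrorAction Stop | Format-List
}
catch {
    Write-Warning "Install-AdcsOnlineResponder: $($_.Exception.Message)"
}

# 3. Confirm the Online Responder service (OcspSvc) exists and is running
#    before creating the revocation configuration.
Get-Service -Name OcspSvc | Select-Object Name, Status, StartType
```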