Hi Anders,
why do you want to import this Sub CA Certificate as a Root CA Certificate in Secure Login Server?
From my point of view (let's focus to the User CA) the Microsoft CA will be the PKI in your lanscape (e.g. issuing server certificates) and Secure Login Server will provide short-lived user certificates to your users. Refering to this use case it is suffcient to import User CA certificate only.
This User CA certificate is part of the Microsoft CA (PKI).
My suggestion is:
- Try to import as USER CA (in Secure Login Server)
- Check if the user will get a short lived user certificate (issued by this Sub CA Certificate and at the end having trust relation to the Microsoft CA)
Best regards,
Frane
