Hi dema, I havent tested it lately, but it should work.
Just create an intermediate CA Cert/Key pair and upload it into an Astaro as a signing CA. You also need to upload the certs of all intermediate and root ca, so we can do a full path verification.
Aastaro as the new signing ca, you should be able to create new certs within this intermediate ca.
To generate the keys for a Subordinate Certification Authority I need a request for my Windows 2008 R2 Integrated CA. How can I generate such a request in Astaro ASG? …or I’m wrong?
The ASG is at the moment out of the box not able to generate a CSR. So you'll have to create a full new CA key on your Windows CA and export it together with its private key and upload it to the ASG.
It's a bit tricky and depending on what CA you want to change (there are ~ 5 different, independant CAs on the ASG) you might have to talk to support (if you have a commercial license) or play around / repoint REF_s (if you have a home use license / no need for Support), but it should be generally possible to replace any Astaro CA with a public/private key pair that you've uploaded.
If you give some more details, I might be able to describe this a bit better.
