Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md

Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md

@@ -142,7 +142,14 @@ At this point, we will need to focus on getting the certificate signing request
     - Click on "**All Tasks" > "Install CA Certificate**"
         - Browse to and select `LAB-CA-02-SubCA.cer` (*you may need to change the cert file extension filter to `X.509 Certificate`*)
         - When prompted for the CA chain or root certificate, browse for and select the `RootCA.cer` you transferred earlier along with the `LAB-CA-02-SubCA.cer`
-        - 
+        - Launch `certsrv.msc` to open the `[Certificates - Local Computer]` management window
+            - Right-Click "**Trusted Root Certification Authorities**" > All Tasks > Import
+                - Click "**Next**"
+                - Browse to the `BunnyLab-RootCA.crl` located on `\\LAB-CA-01\CertEnroll\BunnyLab-RootCA.crl` (*if the RootCA is temporarily on the network*) or copy the file manually via USB drive from `C:\Windows\System32\certsrv\CertEnroll\BunnyLab-RootCA.crl`
+                - Place all certificates in the following store: "Trusted Root Certification Authorities"
+                - Click "**Next**" and finish importing the Certificate Revocation List
+    - Right-click the CA node in the treeview on the left-hand sidebar (e.g. `BunnyLab-SubordinateCA-01`)
+    - Click on "**All Tasks" > "Start Service**"
 
 5. Ensure the Root CA certificate is also imported into the Trusted Root Certification Authorities store for both the local machine and the CA service.
 - Open certlm.msc, right-click Trusted Root Certification Authorities > Certificates, and select Import...