[Pki-users] Creating a sub-ca under an external CA?

Hi - One of my customers has an existing root key pair and CA cert that exists outside of Dogtag. I want to create a CA immediately subordinate to that root CA and use Dogtag for it. After numerous attempts to adopt Dogtag to an external CA, I admit to defeat. I've tried this with and without a PKCS7 chain, I've tried various extensions and formats for the new CA cert, etc. The CA system comes up, looks good, but looking at the SSL hand shake with "openssl s_client" shows that the server isn't providing the entire chain, only the certificate for the server itself. Taking all of the certs in the chain from root through server and running them through the Java cert path checking routines seems to indicate the certs are fine. If I build a system from scratch - with a new root cert and key pair in one CA and then build a subordinate CA under that in the same domain it works perfectly. Has anyone else tried this? If so, can you give me a step-by-step please? Help! Mike