Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Can't issue SSL certificate to web server - "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"

Posted on 2006-06-09
5
Medium Priority
?
4,983 Views
Last Modified: 2009-06-15
I'm running a W2k domain with a W2k3 Certificate Authority (Enterprise, Root).  I can request a cert for SSL on the CA, but if I try to do this from another computer (XP), then I get the error on the CA: ""A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"

After checking the event log, I also find: "Certificate Services could not process request 10 due to an error: The request's current status does not allow this operation. "

And:

"Certificate Services could not publish a Base CRL for key 0 to the following location: ldap:///CN=Medapp Root CA,CN=serv03,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=ecfs,DC=net.  The specified server cannot perform the requested operation. "

Thank you
0
Comment
Question by:fuze44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 6

Expert Comment

by:tatw
ID: 16882991
First of all, have u add the root cert to your XP computer?
0
 

Author Comment

by:fuze44
ID: 16889954
Yes, via the Certsrv web page.  The XP system stated that it installed successfully, but the server's Application log instantly logged 5 entries of:

Could not build a certificate chain for CA certificate 0 for Medapp Root CA.  A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487).
0
 

Author Comment

by:fuze44
ID: 16896554
tatw, I figured it out.  Thanks anyway.

Root CA cert must be placed into Trusted Root Certification Authorities.

1. CA MMC: Root CA Properties: General: View Certificate: Details: Copy to File
2. Group Policy for Default Domain Policy MMC: Comp config: Windows Settings: Security Settings: Public Key Policies: Trusted Root Certification Authorities: Import (r-click)
3. CMD: GPUPDATE
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 16932559
Closed, 500 points refunded.
Netminder
Site Admin
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Learn about cloud computing and its benefits for small business owners.
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question