?
Solved

Can't issue SSL certificate to web server - "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"

Posted on 2006-06-09
5
Medium Priority
?
4,964 Views
Last Modified: 2009-06-15
I'm running a W2k domain with a W2k3 Certificate Authority (Enterprise, Root).  I can request a cert for SSL on the CA, but if I try to do this from another computer (XP), then I get the error on the CA: ""A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"

After checking the event log, I also find: "Certificate Services could not process request 10 due to an error: The request's current status does not allow this operation. "

And:

"Certificate Services could not publish a Base CRL for key 0 to the following location: ldap:///CN=Medapp Root CA,CN=serv03,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=ecfs,DC=net.  The specified server cannot perform the requested operation. "

Thank you
0
Comment
Question by:fuze44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 6

Expert Comment

by:tatw
ID: 16882991
First of all, have u add the root cert to your XP computer?
0
 

Author Comment

by:fuze44
ID: 16889954
Yes, via the Certsrv web page.  The XP system stated that it installed successfully, but the server's Application log instantly logged 5 entries of:

Could not build a certificate chain for CA certificate 0 for Medapp Root CA.  A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487).
0
 

Author Comment

by:fuze44
ID: 16896554
tatw, I figured it out.  Thanks anyway.

Root CA cert must be placed into Trusted Root Certification Authorities.

1. CA MMC: Root CA Properties: General: View Certificate: Details: Copy to File
2. Group Policy for Default Domain Policy MMC: Comp config: Windows Settings: Security Settings: Public Key Policies: Trusted Root Certification Authorities: Import (r-click)
3. CMD: GPUPDATE
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 16932559
Closed, 500 points refunded.
Netminder
Site Admin
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question