Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5029
  • Last Modified:

Can't issue SSL certificate to web server - "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"

I'm running a W2k domain with a W2k3 Certificate Authority (Enterprise, Root).  I can request a cert for SSL on the CA, but if I try to do this from another computer (XP), then I get the error on the CA: ""A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"

After checking the event log, I also find: "Certificate Services could not process request 10 due to an error: The request's current status does not allow this operation. "

And:

"Certificate Services could not publish a Base CRL for key 0 to the following location: ldap:///CN=Medapp Root CA,CN=serv03,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=ecfs,DC=net.  The specified server cannot perform the requested operation. "

Thank you
0
fuze44
Asked:
fuze44
  • 2
1 Solution
 
tatwCommented:
First of all, have u add the root cert to your XP computer?
0
 
fuze44Author Commented:
Yes, via the Certsrv web page.  The XP system stated that it installed successfully, but the server's Application log instantly logged 5 entries of:

Could not build a certificate chain for CA certificate 0 for Medapp Root CA.  A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487).
0
 
fuze44Author Commented:
tatw, I figured it out.  Thanks anyway.

Root CA cert must be placed into Trusted Root Certification Authorities.

1. CA MMC: Root CA Properties: General: View Certificate: Details: Copy to File
2. Group Policy for Default Domain Policy MMC: Comp config: Windows Settings: Security Settings: Public Key Policies: Trusted Root Certification Authorities: Import (r-click)
3. CMD: GPUPDATE
0
 
NetminderCommented:
Closed, 500 points refunded.
Netminder
Site Admin
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now