fuze44
asked on
Can't issue SSL certificate to web server - "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"
I'm running a W2k domain with a W2k3 Certificate Authority (Enterprise, Root). I can request a cert for SSL on the CA, but if I try to do this from another computer (XP), then I get the error on the CA: "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"
After checking the event log, I also find: "Certificate Services could not process request 10 due to an error: The request's current status does not allow this operation."
And:
"Certificate Services could not publish a Base CRL for key 0 to the following location: ldap:///CN=Medapp Root CA,CN=serv03,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=ecfs,DC=net. The specified server cannot perform the requested operation."
Thank you
First of all, have you added the root cert to your XP computer?
ASKER
Yes, via the Certsrv web page. The XP system stated that it installed successfully, but the server's Application log instantly logged 5 entries of:
Could not build a certificate chain for CA certificate 0 for Medapp Root CA. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487).
ASKER
tatw, I figured it out. Thanks anyway.
Root CA cert must be placed into Trusted Root Certification Authorities.
1. CA MMC: Root CA Properties: General: View Certificate: Details: Copy to File
2. Group Policy for Default Domain Policy MMC: Comp config: Windows Settings: Security Settings: Public Key Policies: Trusted Root Certification Authorities: Import (r-click)
3. CMD: GPUPDATE
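
A way to confirm on a client that the policy from steps 1-3 took effect, as an added example that is not part of the original thread. It assumes PowerShell is available on the machine being checked and that `C:\temp\rootca.cer` (a hypothetical path) is the file exported in step 1.

```powershell
# Added example: verify that an exported root CA certificate is trusted here.
# $CerPath is a hypothetical path to the file produced by "Copy to File" (step 1).
param([string]$CerPath = 'C:\temp\rootca.cer')

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath

# A root certificate is self-signed: subject and issuer are identical.
if ($cert.Subject -ne $cert.Issuer) {
    Write-Warning "Not a self-signed root: issuer is $($cert.Issuer)"
}

# Is the same certificate (matched by thumbprint) in the machine Trusted Root store?
$inRoot = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }

# Build the chain without revocation checking, so that a CRL publishing
# problem does not mask the trust result.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$trusted = $chain.Build($cert)

"Subject     : $($cert.Subject)"
"Thumbprint  : $($cert.Thumbprint)"
"In LM\Root  : $([bool]$inRoot)"
"Chain valid : $trusted"
foreach ($s in $chain.ChainStatus) {
    # UntrustedRoot is the chain status behind error 0x800b0109 quoted above.
    "  $($s.Status): $($s.StatusInformation.Trim())"
}
```

If `In LM\Root` is False after GPUPDATE, the Group Policy import has not reached this machine yet; an `UntrustedRoot` status line means the trust provider still rejects the root.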