Solved

Can't issue SSL certificate to web server - "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"

Posted on 2006-06-09
5
4,918 Views
Last Modified: 2009-06-15
I'm running a W2k domain with a W2k3 Certificate Authority (Enterprise, Root).  I can request a cert for SSL on the CA, but if I try to do this from another computer (XP), then I get the error on the CA: ""A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"

After checking the event log, I also find: "Certificate Services could not process request 10 due to an error: The request's current status does not allow this operation. "

And:

"Certificate Services could not publish a Base CRL for key 0 to the following location: ldap:///CN=Medapp Root CA,CN=serv03,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=ecfs,DC=net.  The specified server cannot perform the requested operation. "

Thank you
0
Comment
Question by:fuze44
  • 2
5 Comments
 
LVL 6

Expert Comment

by:tatw
ID: 16882991
First of all, have u add the root cert to your XP computer?
0
 

Author Comment

by:fuze44
ID: 16889954
Yes, via the Certsrv web page.  The XP system stated that it installed successfully, but the server's Application log instantly logged 5 entries of:

Could not build a certificate chain for CA certificate 0 for Medapp Root CA.  A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487).
0
 

Author Comment

by:fuze44
ID: 16896554
tatw, I figured it out.  Thanks anyway.

Root CA cert must be placed into Trusted Root Certification Authorities.

1. CA MMC: Root CA Properties: General: View Certificate: Details: Copy to File
2. Group Policy for Default Domain Policy MMC: Comp config: Windows Settings: Security Settings: Public Key Policies: Trusted Root Certification Authorities: Import (r-click)
3. CMD: GPUPDATE
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 16932559
Closed, 500 points refunded.
Netminder
Site Admin
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now