Solved

This CA Root Certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities Store. How do I do this?

Posted on 2009-04-29
Last Modified: 2012-05-06
This is the error that I am getting in IIS on an Exchange 2007 Standard Edition 64-bit server.
This CA Root Certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities Store. How do I do this?
Question by:usts-pw
12 Comments
 
LVL 17

Expert Comment

by:Andres Perales
ID: 24266314
You should be able to right-click on the root certificate and select install; that should install the root cert!
0
 

Author Comment

by:usts-pw
ID: 24266402
I am really lame here. Where do I find my root certificate?
0
 
LVL 7

Expert Comment

by:Onlyodin
ID: 24266410
You can view the certificate, then install it, but this error may be due to Exchange / IIS using a self-signed certificate.

You would be best to either purchase a certificate (if you are planning to publish the Exchange server externally for ActiveSync or OWA), or generate a certificate using a Domain Root CA (a Certificate Services Server).
0
 
LVL 1

Expert Comment

by:klulue123
ID: 24266504
Go to https://servername/certsrv and download the certificate from there. Then just double-click on it and it should install.
0
 

Author Comment

by:usts-pw
ID: 24266712
Onlyodin.
I have a cert that has been purchased. It is about to expire and I am simply trying to properly renew it. Expiration date is 5-2-9. I also have 2 other certs in the Personal folder. When viewed they have red x's through them and a message that says "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities Store".
When I right-click on the purchased cert (which is also in the Personal-Certificates folder) I have 4 choices:
Request Cert with New Key
Request Cert with Same Key
Renew Cert with New Key
Renew Cert with Same Key
If I select Renew *, I get an error saying, "This certificate cannot be renewed because it does not contain enough information to generate a renewal request. Please request a new certificate"
If I select Request *, I get an error saying "The wizard cannot be started because of one or more of the following conditions:
There are no trusted certification authorities (CAs) available
You do not have the permissions to request certificates from the available CAs
The available CAs issue certificates for which you do not have permissions"

0
 

Author Comment

by:usts-pw
ID: 24266721
Klulue123!!
I tried that and it didn't work.  It looked like it was going to.

I know in the command to substitute my servername, but the second word /certsrv was correct, right?
0
 

Author Comment

by:usts-pw
ID: 24266733
peralesa!!

Thanks for the response. I saw where I can do that from the location of the certs in the file system. These are the old ones though, the ones that need replacing or renewing, so I am at a bit of a loss. Any other suggestions?

Thanks,
Paul
0
 
LVL 1

Accepted Solution

by:
klulue123 earned 2000 total points
ID: 24268828
If this is a purchased cert, you will need to go back to where you purchased it and purchase another one. You should be able to find who issued the cert by opening it and seeing where it says "Issued by:".
Then you will need to generate a new request and then they can send you a new cert. This website is really good for assisting in requesting a new cert: https://www.digicert.com/easy-csr/exchange2007.htm. It has all the tools you need to generate a cert request and tells you how to apply it to Exchange 2007.

My previous post was assuming that you had your own Enterprise CA.  - Purchased certs are much better for the end user.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24270215
Contacting the cert vendor is probably easiest, but you can locate the correct CA certificates this way:
- Double-click to open up the certificate that you received from the vendor in your email
- Details tab
- Look through the list of attributes for "Authority Information Access" (AIA) and click to highlight it
- The bottom part of the window will show one or more locations to access the CA certificate that issued your SSL cert - click that and open it.
- Details tab of the CA cert
- Copy to File button
- Follow the wizard to save to file

Repeat this process until you get to the root certificate - this will not have an AIA listed. You can also confirm that it is the root by validating that the Subject and Issuer attributes have the same things listed. Copy this to file as well.

Since this is the web server, it is best to install all CA certificates; however, only the root cert needs to be assigned to the Trusted Root Certification Authorities store. Often it will end up there if you let Windows decide, but if you have problems, choose to select the store and browse, check the box for 'Show physical stores' and then select the Trusted Root CA store.
0
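The chain walk described in the answer above can also be scripted. This is an added example, not code from the thread or from any poster: it reports, for each certificate in the computer's Personal store, every chain element, its AIA locations, whether it is a root (Subject equals Issuer) and whether that root is already in the Trusted Root store. The function name `Get-ChainReport` and the file name `root.cer` are assumptions.

```powershell
# Added example: inspect the chain of each certificate in LocalMachine\My (Personal).
function Get-ChainReport {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the result reflects chain building and trust only.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($Certificate)

    # Thumbprints of everything currently in Trusted Root Certification Authorities.
    $trustedRoots = Get-ChildItem Cert:\LocalMachine\Root |
        ForEach-Object { $_.Thumbprint }

    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        # Authority Information Access extension (OID 1.3.6.1.5.5.7.1.1);
        # a root certificate normally has none.
        $aia = $c.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.5.5.7.1.1' }
        $aiaText = ''
        if ($aia) { $aiaText = $aia.Format($false) }

        New-Object PSObject -Property @{
            Subject       = $c.Subject
            Issuer        = $c.Issuer
            NotAfter      = $c.NotAfter
            IsRoot        = ($c.Subject -eq $c.Issuer)
            InTrustedRoot = ($trustedRoots -contains $c.Thumbprint)
            AIA           = $aiaText
            # Per-element errors such as UntrustedRoot or PartialChain.
            Status        = ($element.ChainElementStatus |
                                ForEach-Object { $_.Status }) -join ','
        }
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Get-ChainReport $_ } |
    Format-List Subject, Issuer, NotAfter, IsRoot, InTrustedRoot, Status, AIA

# To trust a root saved with "Copy to File" (root.cer is a placeholder name),
# run from an elevated prompt after verifying the file came from the CA:
#   certutil -addstore Root root.cer
```

A row with `IsRoot` true, `InTrustedRoot` false and a status of `UntrustedRoot` corresponds to the red-X message in the question; a status of `PartialChain` means an intermediate certificate is missing.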
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24270254
Also note - you might question where you got the cert from if you don't trust the root for it yourself. If you don't already trust it - would you expect your customers to trust it (and thus trust your site with their money)?

If it is from GoDaddy, you may need to update your server to the latest service pack and that will have their root included. Alternatively, you can run Windows Update, look through the optional/recommended installs and look for the root certificate update. Since this is not critical or high severity, it doesn't always get installed by a lot of people; however, most home users would have already applied the service pack by now, and root certs are updated automatically from Microsoft upon first access in Vista/2008 and newer.
0
 

Author Closing Comment

by:usts-pw
ID: 31576260
Thanks for the input. I ended up calling Microsoft and opening a call and they sifted through the wreckage. Thanks! Paul
0
 

Expert Comment

by:TG_Sekhar
ID: 33071129
We are using a load balancer named Radware (AppDirector) in our organisation. Today our application certificate expired, so we changed to the new certificate. After changing to the new certificate, our clients are not able to connect to the application. They are getting the error below: "This CA Root Certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities Store. How do I do this?"
 
Senthilkumar.R
0
