Installing site server Certificate for SCCM

I am trying to install SCCM 2012 in a test lab and am trying to import a certificate on the site server by following the instructions outlined here:

http://technet.microsoft.com/en-us/library/cc872789.aspx#BKMK_siteserver12008

I am able to get to the point where it says to " Type the following command, and then press Enter: certreq –accept sitesigning.cer"

When I do that, I receive the following error: "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487)"

I'm not quite sure what to do as I followed all the other instructions.
max_owenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

James HaywoodCommented:
Do you have the Root CA Cert in your Trusted Root Authorities?
0
max_owenAuthor Commented:
I don't believe so. I was looking into that last night. Is a Root CA Cert a computer certificate from the enterprise CA? I'm not quite sure how to request one.
0
James HaywoodCommented:
A Root Cert is the certificate from the CA itself. This has to be trusted to allow any certs it issues  to be trusted. Online authorities (Go daddy, Geo Trust, Globalsign etc) are automatically trusted by Windows as their Root Certificates are installed by default.

To export your Root CA Cert (instructions direct from Microsoft):

 
   a. Logon into Root Certification Authority Web Enrollment Site.
 
     Usually the Web Enrollment Site reside in following links:
 
              http://<ip_address/certsrv or http://fqdn/certsrv
 
               ip_address = Root Certification Authority Server IP.
 
               fqdn =  Fully qualified domain name of the Root Certification Authority Server.
 
   b. Click the "Download a CA certificate, certificate chain, or CRL" link.
 
   c. Press on "Download CA certificate" link.
 
   d. Save the file "certnew.cer" in local disk store.

I usually save the file to desktop. Doubleclick the certificate and select "install certificate", follow the wizard but ensure the cert is saved into the "Trusted Root Certification Authorities" store.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
max_owenAuthor Commented:
OK, I tried that but it doesn't appear to actually import. It does not error out during your instructions but when I check the Trusted Root Cert Authorities the cert is not in there. I tried it on my test Windows 7 workstation and it imported fine and I was able to see it in the Trusted Root Cert Authorities. Not sure why it isn't working on my test 2008R2 SCCM server??
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.