Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Installing site server Certificate for SCCM

Posted on 2012-04-06
4
Medium Priority
?
2,144 Views
Last Modified: 2012-04-08
I am trying to install SCCM 2012 in a test lab and am trying to import a certificate on the site server by following the instructions outlined here:

http://technet.microsoft.com/en-us/library/cc872789.aspx#BKMK_siteserver12008

I am able to get to the point where it says to " Type the following command, and then press Enter: certreq –accept sitesigning.cer"

When I do that, I receive the following error: "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487)"

I'm not quite sure what to do as I followed all the other instructions.
0
Comment
Question by:max_owen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:James Haywood
ID: 37818814
Do you have the Root CA Cert in your Trusted Root Authorities?
0
 

Author Comment

by:max_owen
ID: 37818879
I don't believe so. I was looking into that last night. Is a Root CA Cert a computer certificate from the enterprise CA? I'm not quite sure how to request one.
0
 
LVL 17

Accepted Solution

by:
James Haywood earned 2000 total points
ID: 37819989
A Root Cert is the certificate from the CA itself. This has to be trusted to allow any certs it issues  to be trusted. Online authorities (Go daddy, Geo Trust, Globalsign etc) are automatically trusted by Windows as their Root Certificates are installed by default.

To export your Root CA Cert (instructions direct from Microsoft):

 
   a. Logon into Root Certification Authority Web Enrollment Site.
 
     Usually the Web Enrollment Site reside in following links:
 
              http://<ip_address/certsrv or http://fqdn/certsrv
 
               ip_address = Root Certification Authority Server IP.
 
               fqdn =  Fully qualified domain name of the Root Certification Authority Server.
 
   b. Click the "Download a CA certificate, certificate chain, or CRL" link.
 
   c. Press on "Download CA certificate" link.
 
   d. Save the file "certnew.cer" in local disk store.

I usually save the file to desktop. Doubleclick the certificate and select "install certificate", follow the wizard but ensure the cert is saved into the "Trusted Root Certification Authorities" store.
0
 

Author Comment

by:max_owen
ID: 37821257
OK, I tried that but it doesn't appear to actually import. It does not error out during your instructions but when I check the Trusted Root Cert Authorities the cert is not in there. I tried it on my test Windows 7 workstation and it imported fine and I was able to see it in the Trusted Root Cert Authorities. Not sure why it isn't working on my test 2008R2 SCCM server??
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question