Need to renew or create (citrix server) web certificate (CA)
2012 R2 servers
Had to install new CA management server. Could not renew cert that expired today. Created new CA but shows as a failed request. "A required certificate is not within its validity period when verifying against the system clock or the time stamp" "Error verifying request signature or signing certificate"
Note: I did set the CA server for a default of 8 years for the cert period.
Our Citrix users cannot access the store front until this is corrected. Would gratefully appreciate assistance.
thank you
Wayne
Had to install new CA management server. Could not renew cert that expired today. Created new CA but shows as a failed request. "A required certificate is not within its validity period when verifying against the system clock or the time stamp" "Error verifying request signature or signing certificate"
Note: I did set the CA server for a default of 8 years for the cert period.
Our Citrix users cannot access the store front until this is corrected. Would gratefully appreciate assistance.
thank you
Wayne
ASKER
Hi. Citrix support said we can create our own which is what was done on the previous cert. The previous cert manager was retired so we could not renew the current cert. Could the lenght of the cert period (8 years be the issue?
I wouldn't think so.
By the error message, it sounds like some sort of time synchronization issue.
Are the dates/times correct on both the CA management server, and the PC requesting the certificate?
By the error message, it sounds like some sort of time synchronization issue.
Are the dates/times correct on both the CA management server, and the PC requesting the certificate?
ASKER
times are correct / within 1 minute
Does the Application Log show any errors that might suggest what the issue is?
ASKER
Here is the error:
Active Directory Certificate Services could not process request 10 due to an error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495 CERT_E_EXPIRED). The request was for CN=citrix02.ablehc.local, OU=XenApp, O=Able Health Care, L=Merrick, S=NY, C=US. Additional information: Error Verifying Request Signature or Signing Certificate
It seems to be saying that the CA root certificate on the management server has expired.
Sorry, I'm not familiar with how to generate a new one, since I use certificates from a known CA (because of issues like these :)
Sorry, I'm not familiar with how to generate a new one, since I use certificates from a known CA (because of issues like these :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thawte has a 1 year SSL123 certificate for $149, and RapidSSL has one for $59.
At those prices, it's not worth the hassle.