Seth Simmons asked:

import certificate in windows core

I have a 2012 server running WSUS and several other things.  I want to separate WSUS and put it on 2016 Core.  I got all those pieces done, but the last part that isn't working is the certificate.  We have a wildcard cert for the domain.  Normally I would just import the PFX through the MMC, but being Core, I have to do it through PowerShell.  I used Import-PfxCertificate and it worked.  However, it only imported the certificate, not the entire chain as it would if I imported through the MMC.  Any ideas how to get the entire cert chain in there?  Without that, the WSUS console won't connect, saying it can't verify the certificate.

footech:

If the certificate is from an internal PKI, then I would expect any root/intermediate certificates to just be distributed to domain members via GPO.  Other than that you should be able to just import the root/intermediate certificate separately (specifying the store location with the cmdlet parameter).
On a management system with Server 2016 on it (if possible):
 MMC.exe --> Right click Run As Admin --> Add Snap-In --> Computer Certificates --> Other Machine --> Core 2016 --> OK.

Delete the imported certificate.

Import the certificate again making sure the chain was included.

If still not there, then delete, import the intermediates into the Intermediates folder and import the .PFX again.

That should do it.

ASKER CERTIFIED SOLUTION: footech (this solution is only available to members of Experts Exchange)

Seth Simmons (ASKER):

"Import the certificate again making sure the chain was included."

Importing a PFX is not supported remotely.

"Other than that you should be able to just import the root/intermediate certificate separately."

Tried that... it imported, but this appears in the MMC console (maybe that's normal when viewing remotely):

"This root certificate appears to be trusted by the remote computer. To ensure this root certificate is valid on the remote computer, verify this root certificate on that computer."

The WSUS console still doesn't work though.  It says to make sure the post-installation was successful (did it from the command line and it did finish successfully) and verify the port it is using (server is listening on 8531 and the correct folders are configured to use SSL).  It doesn't indicate any certificate error, so I'm not sure if that piece is fixed and something else is broken.

Looks like the cert import didn't work right:

"The TLS server credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure."

I'll see if the admin center is any good.

Admin center imported the PFX and the WSUS console connected.
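
The steps discussed in this thread (place the chain certificates in their stores, import the PFX, then confirm the private key is attached and the chain builds) can be done locally on the Core server. The following is an added example, not code posted by anyone in the thread; the PFX path, the root thumbprint placeholder and the helper name `Add-ToStore` are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the Core server itself.
$pfxPath      = 'C:\Temp\wildcard.pfx'      # hypothetical path to the wildcard PFX
$expectedRoot = '<ROOT-CA-THUMBPRINT>'      # placeholder: get this from the CA out of band
$password     = Read-Host -AsSecureString -Prompt 'PFX password'

# Read the PFX without importing it: leaf certificate(s) and chain certificates are listed separately.
$pfx = Get-PfxData -FilePath $pfxPath -Password $password

function Add-ToStore($Cert, $StoreName) {   # hypothetical helper
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, 'LocalMachine')
    $store.Open('ReadWrite')
    try { $store.Add($Cert) } finally { $store.Close() }
}

foreach ($c in $pfx.OtherCertificates) {
    if ($c.Subject -ne $c.Issuer) {
        # Not self-signed: treat as an intermediate CA certificate.
        Add-ToStore $c 'CA'
    } elseif ($c.Thumbprint -eq $expectedRoot) {
        # Self-signed and matches the thumbprint verified out of band: trust it as a root.
        Add-ToStore $c 'Root'
    } else {
        # Never trust a root just because it was bundled in the file.
        Write-Warning "Skipping unverified root $($c.Subject) [$($c.Thumbprint)]"
    }
}

# Import the PFX (certificate plus private key) into the machine's Personal store.
$imported = Import-PfxCertificate -FilePath $pfxPath -Password $password `
                -CertStoreLocation Cert:\LocalMachine\My

# Verify what the WSUS console and the TLS error above care about:
# the private key is attached and the chain builds to a trusted root.
foreach ($cert in $imported) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $built = $chain.Build($cert)
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ChainBuilds   = $built
        ChainStatus   = ($chain.ChainStatus.Status -join ', ')
        ChainLength   = $chain.ChainElements.Count
    }
}
```

A row with `HasPrivateKey` false corresponds to the "does not have a private key information property" message quoted above, and `ChainBuilds` false with a `ChainStatus` value points at a missing or untrusted intermediate or root.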