Error installing ACS certificate: Cannot get private key

hahe · ‎11-12-2007

I'm installing a new wireless LAN using 4400 controllers and ACS 4.1 running on a win2003r2 server. I want to authenticate users using AD from a 2003r2 enterprise based DC server as my database.

I've been following the intructions for creating a cetificate (creating a new exportable template) everything works OK until I try to "Install ACS certificate" on my acs server. After selecting "use certificate from storage" ang entering my CN, i get "Cannot get the private key from certificate. It's absent or not marked as exportable."

I'm stuck. Any help appreciated!

Jagdeep Gambhir · ‎11-13-2007

If the certificate was not marked as exportable upon creation of the certificate, you will receive this message. May I recommend that

you start from scratch using the attached PDF.

Many have experienced great success with this document and I highly recommend it.

Regards,

~JG

hahe · ‎11-13-2007

Thanks for your reply!

Well, I've been through those steps twice already (the first time I had another doc but with the same steps). I payed special attention to the issue with checking "mark as exportable".

The CA services was already installed so I cannot know if that was installed before or after IIS (see the first note) but anyway that seems to be OK.

The only point at which I have "cheated" is step 11 in the second note (restart the CA). I only restarted the "Certificate Services" service from the control panel. I will now try to reboot the entire machine to see if that helps.

Do I need to erase the first two failed attempts? How? They are visible under "Edit certificate trust list".

Another thing I find peculiar is: The ACS admin web pages seem to "time out" very quickly. If I leave the console idle for a minute, the server seems to have changed port (?!) and I need to restart from the main URL (http://127.0.0.1:2002/). Is that normal?