Error installing ACS certificate: Cannot get private key

Nov 12th, 2007

I'm installing a new wireless LAN using 4400 controllers and ACS 4.1 running on a win2003r2 server. I want to authenticate users using AD from a 2003r2 enterprise based DC server as my database.


I've been following the instructions for creating a certificate (creating a new exportable template). Everything works OK until I try to "Install ACS certificate" on my ACS server. After selecting "use certificate from storage" and entering my CN, I get "Cannot get the private key from certificate. It's absent or not marked as exportable."


I'm stuck. Any help appreciated!

Jagdeep Gambhir Tue, 11/13/2007 - 06:11

If the certificate was not marked as exportable upon creation of the certificate, you will receive this message. May I recommend that you start from scratch using the attached PDF.


Many have experienced great success with this document and I highly recommend it.


Regards,

~JG
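
A way to see which half of that error message applies, as an added example that is not part of the original thread or of any Cisco document: this PowerShell snippet looks up a certificate by CN and reports whether a private key is present and whether it is marked exportable. The Local Machine "Personal" store and the sample CN are assumptions; substitute the CN entered in ACS.

```powershell
# Added example (not from the thread): inspect certificates in the
# Local Machine "Personal" store whose subject CN matches $SubjectCN.
param(
    [string]$SubjectCN = 'acs01.example.local'   # constructed sample CN (assumption)
)

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
try {
    # Match the CN component exactly rather than as a substring.
    $pattern = '(^|,\s*)CN=' + [regex]::Escape($SubjectCN) + '(,|$)'
    $found = @($store.Certificates | Where-Object { $_.Subject -match $pattern })

    if ($found.Count -eq 0) {
        Write-Warning "No certificate with CN=$SubjectCN in LocalMachine\My."
    }

    foreach ($cert in $found) {
        $exportable = 'n/a (no private key)'
        if ($cert.HasPrivateKey) {
            try {
                # CspKeyContainerInfo exists only for keys held by a legacy CSP.
                $info = $cert.PrivateKey.CspKeyContainerInfo
                if ($null -ne $info) { $exportable = $info.Exportable }
                else { $exportable = 'unknown (key is not held by a CSP)' }
            } catch {
                $exportable = 'unknown (key could not be opened: ' + $_.Exception.Message + ')'
            }
        }
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            Exportable    = $exportable
        }
    }
} finally {
    $store.Close()
}
```

`HasPrivateKey = False` corresponds to the "absent" half of the ACS message, and `Exportable = False` to the "not marked as exportable" half. Run it from an elevated prompt so the machine key container can be opened.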



hahe Tue, 11/13/2007 - 06:47

Thanks for your reply!


Well, I've been through those steps twice already (the first time I had another doc but with the same steps). I paid special attention to the issue with checking "mark as exportable".


The CA service was already installed so I cannot know if that was installed before or after IIS (see the first note) but anyway that seems to be OK.


The only point at which I have "cheated" is step 11 in the second note (restart the CA). I only restarted the "Certificate Services" service from the control panel. I will now try to reboot the entire machine to see if that helps.


Do I need to erase the first two failed attempts? How? They are visible under "Edit certificate trust list".


Another thing I find peculiar is: The ACS admin web pages seem to "time out" very quickly. If I leave the console idle for a minute, the server seems to have changed port (?!) and I need to restart from the main URL (http://127.0.0.1:2002/). Is that normal?
