cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1600
Views
0
Helpful
5
Replies

ACS can not find its certificate from storage

rogelioalvez
Level 1
Level 1

Hello team:

I am finding problems when trying to install a certificate to my ACS 4.2 (on Windows 2003 Server Standard Edition SP1 - English version). The certificate was enrolled from a Windows Certificate Authority (running on Windows 2003 Enterprise Edition SP2 -english version).

The enrollment process was normal, and the certificate was installed on the local storage in the final step of the enrollment process ("The certificate you requested was issued to you": "Install this certificate" -> Your new certificate has been successfully installed).

But when I want ACS to acknowledge and install this certificate, an error message appears (System Configuration -> ACS Certificate Setup -> Install ACS Certificate -> Use certificate from storage):

"Certificate configuration error: Cannot find certificate with specified common name in the ACS storage"

Has anybody run into a problem like this?

Thank you very much in advance

Rogelio Alvez

5 Replies 5

Yudong Wu
Level 7
Level 7

From the error message itself, are you sure you are using the same CN name as what you used in certificate request?

You can check the following

1. start->run>mmc and then add a certificate snap-in to check if certificate is installed correctly and put in a right storage.

2. Check the certificate to see what CN name it is and make sure you use the same when you configure ACS

Hello Yelong:

1. ¿What would the right storage be for the certificate? I would have expected that the successful message I received when I installed it shoud have been enough proof that the cert was properly located in the right storage within the machine. I will ask the server administrator to start the mmc and let me know whether he is able to see the cert in any storage, and let you know as soon as possible.

2. Yes, the cert´s CN name is exactly the same I have been trying (without success) to use in ACS to make it recognize the new certificate recently installed.

Thank you very much for your help

Rogelio

The certificate should be installed in the Personal->Certificate store when you clicked the "install certificate" on CA Web page.

In general, I installed the cert like the following steps.

1. Generate CSR in ACS instead of using CA webpage.

    System Configuration->ACS Certificate Setup->Generate Certificate Signing Request

2. Then you can send certificate request in text file to your CA admin or enroll it via CA webpage directly.

When you request the cert on CA webpage, use "submit a certificate request by using a base-64", then paste your request. Select the certificate template accordingly.

3. Then download certifice in "Base 64 encoded" format.

4. On ACS you can install it from the cert file which you download in step 3.

Hi Yudong:

I will give it a shot and let you know what happened as soon as possible. Unfortunatelly I am not close to the customer site but plan to go back to that place in a couple of days.

Thank you very much for your help.

Rogelio

Hi,

Looking your  inputs to validate my understanding.

We can instal the ceritifcate in ACS using opton "Use certificate from storage" and providing the valid CN name. As an option we can also use "Select Certificate From Storage" and choose a ceritifcate from the drop down list. I just want to understand if we must select the "Select Certificate From Storage" option or is it just an option. Along the same lines how is the drop down list populated?

Thanks,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: