Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Albert Krozhezhepitskay2021-03-21 17:09:11
Active Directory
Albert Krozhezhepitskay, 2021-03-21 17:09:11

What to do about this error when adding pfx certificate?

Certificate from Sectigo built in pfx

openssl pkcs12 -inkey private.key -in _domain_com.crt -export -out _domain_com.pfx


I am deploying a certification authority on a Windows server 2019
When adding a certificate, this is the error In the Microsoft-Windows-CertificateServices-Deployment/Operational
605752facb36e918424590.png

logs
Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupException:
Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupException
   в Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.Provider.PowerShellCommandExecutor.Execute(Command command, IPowerShellEngine powerShellEngine, IRehydrator rehydrator)
   в Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.Provider.CA.CAPSHProviderContext.Validate()
   в Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.Provider.CA.Operations.SetExistingCertificate.Execute(ExistingCertificateParameters parameters)
   в Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.DeploymentWizard.CA.ViewModels.ExistingCertificate.ExistingCertificateViewModel.Validate()

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Andrey Barbolin, 2021-03-21
@dronmaxman

This certificate cannot be used for CA.
Why? - The CA is issuing certificates, and this certificate cannot be used to issue other certificates.

Report
C
CityCat4, 2021-03-22
@CityCat4

Heh, I got it, you decided to cheat and slip a regular certificate from the chest of drawers into the CA, in the expectation that it will accept and it will be possible to issue certificates, eventually signed by the chest of drawers?
No, that won't work. CA certificates - have a special mark "I am CA", which the chest of drawers will never supply to you.
You need to generate your own certificate, but of course it will be valid only inside your office, and then only if it is distributed by politicians.

Similar questions
A
Anton2015-01-06 15:48:33
Is it possible to add arbitrary names of non-existent computers to Active Directory? 3Reply
P
Pavel2017-01-06 15:46:57
Is it possible to authenticate Active Directory over VPN? 0Reply
M
Magnus952015-01-16 12:37:19
How to restore _msdcs and all subfolders in dns server 2008? 0Reply
S
sevafanasev2017-01-26 16:28:12
Is it possible to apply two access groups to an ubuntu folder? 2Reply
D
Danil2017-01-30 16:30:07
How to organize the deletion of local user accounts when inactive? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question