Solved

Creating certificate for IFS using internal Microsoft CA

  • 5 April 2022
  • 5 replies
  • 110 views

Userlevel 4
Badge +9

Does anyone have any experience in creating your own certificate for IFS using a Windows Server 2016 Certificate Authority? I have created my CA located on my domain controller within AD, created templates in AD CS, created a CSR from my middleware server, then exported the certificate with the private key, but when I try to use it during the IFS installation, it fails the verify, stating “Certificate verification failed: signature check failed”.


Best answer by Kusal Rathnakumara 7 September 2023, 13:28


5 replies

Userlevel 4
Badge +9

Well, since there were no replies to my post, I guess I will follow up with my own reply. In my test environment (sandboxed AD with DC, CA, CDP and full IFS implementation), I was able to create a template in my CA to accommodate IFS and enroll my middleware server through AD. Exporting this cert (with private key) produced a cert that IFS liked (but only when I chose TripleDES-SHA1 for the encryption). I see that AES256-SHA256 is listed under cipher suites in the IFS installer, but if I choose SHA256 during the export, the cert failed the “verify” that the IFS installer offers. I would like to use stronger encryption for this connection, so I am hoping someone out there has used Microsoft CA with AES256-SHA256 encryption. I have attached a Word document that further explains the selections that I made during this process as well as the errors I received.
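The post above describes two exports of the same AD CS certificate that differ only in the PKCS#12 (PFX) container encryption chosen in the Windows export wizard: TripleDES-SHA1 passes the installer's verify step, AES256-SHA256 does not. The bash script below is an added example, not code from the thread, from IFS, or from Microsoft. It uses the OpenSSL CLI (1.1.1 or 3.x) to do the three things a practitioner would want here: print which PBE and MAC algorithms a PFX actually uses, re-wrap a PFX with the legacy TripleDES-SHA1 encoding without touching the key or certificates, and confirm that the end-entity certificate inside the PFX chains to the issuing CA (the signature check the installer complains about). It builds its own throwaway CA and leaf certificate as constructed sample input; the host name, file names and export password are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not IFS's or Microsoft's code). Inspect, re-wrap and verify a
# PFX such as one exported from an AD CS-enrolled middleware server.
# Assumes the OpenSSL CLI (1.1.1 or 3.x). Sample CA/leaf are constructed below.
set -euo pipefail

PW='ChangeMe-ExportPassword'   # PFX export password (constructed for the demo)

# Report the PKCS#12 algorithm identifiers: key-bag PBE, cert-bag PBE and MAC.
# OpenSSL writes the -info report to stderr, hence 2>&1.
pfx_algorithms() {            # $1=pfx  $2=password
  openssl pkcs12 -in "$1" -info -noout -passin "pass:$2" 2>&1 \
    | grep -E 'Shrouded Keybag|PKCS7 Encrypted data|MAC' || true
}

# Re-wrap a PFX with the legacy PBE pbeWithSHA1And3-KeyTripleDES-CBC and a
# SHA-1 MAC, leaving key and certificates unchanged. This is the encoding the
# Windows export wizard produces when "TripleDES-SHA1" is selected.
pfx_rewrap_legacy() {         # $1=in.pfx  $2=out.pfx  $3=password
  local tmp; tmp=$(mktemp)
  openssl pkcs12 -in "$1" -passin "pass:$3" -nodes -out "$tmp"   # key + certs as PEM
  openssl pkcs12 -export -in "$tmp" -out "$2" -passout "pass:$3" \
    -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1
  rm -f "$tmp"
}

# Check that the end-entity certificate inside the PFX chains to the CA
# certificate, i.e. the signature check behind "signature check failed".
pfx_verify_chain() {          # $1=pfx  $2=password  $3=ca.crt ; exit 0 when OK
  local tmp; tmp=$(mktemp)
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
    | openssl x509 -out "$tmp"
  openssl verify -CAfile "$3" "$tmp" >/dev/null 2>&1
  local rc=$?
  rm -f "$tmp"
  return $rc
}

# Constructed sample input: a throwaway root CA and a leaf for the middleware
# host, standing in for the AD CS-issued certificate. Writes ca.crt and
# modern.pfx (the AES256-SHA256 export the thread reports as rejected) to $1.
make_sample_pfx() {           # $1=workdir
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=Lab Root CA' \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/CN=ifs-mw.lab.example' \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -days 30 -in "$d/leaf.csr" -CA "$d/ca.crt" \
    -CAkey "$d/ca.key" -CAcreateserial -out "$d/leaf.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.crt" \
    -certfile "$d/ca.crt" -out "$d/modern.pfx" -passout "pass:$PW" \
    -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256
}

# Stand-alone demo: build the sample, re-wrap it, show both encodings, verify.
demo() {
  local d; d=$(mktemp -d)
  make_sample_pfx "$d"
  pfx_rewrap_legacy "$d/modern.pfx" "$d/legacy.pfx" "$PW"
  echo "== modern.pfx (AES-256 / SHA-256)"; pfx_algorithms "$d/modern.pfx" "$PW"
  echo "== legacy.pfx (3DES / SHA-1)";      pfx_algorithms "$d/legacy.pfx" "$PW"
  pfx_verify_chain "$d/legacy.pfx" "$PW" "$d/ca.crt" && echo "chain: OK"
  rm -rf "$d"
}

[ "${BASH_SOURCE[0]}" = "$0" ] && demo
```

Run `pfx_algorithms` against the PFX produced by the Windows export wizard first; it shows exactly which PBE and MAC identifiers the wizard wrote, which is what an installer's PKCS#12 parser has to understand. Note that these algorithms protect only the exported file at rest. They are unrelated to the TLS cipher suites the installer lists, so re-wrapping a PFX as TripleDES-SHA1 for import does not weaken the TLS connection the server will offer afterwards; once the file has been imported, delete it and keep the key where the installer put it.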

Userlevel 7
Badge +18

Hi @woprhowe - Thank you for coming back to update, in case someone else has the same issue. I don’t see the Word attachment; let me know if you’re having issues uploading it and I can help.

Userlevel 4
Badge +9

@KristenGastaldo , please let me know if you see the Word document attached to this reply!

 

Thank you,

Bob

Userlevel 7
Badge +18

@woprhowe - It’s there now!

Badge +1

Hi @woprhowe,

This issue has already been reported to R&D. Could you please give the workaround provided by R&D a try?

Workaround
-------------
1. Do the fresh installation by adding a self-signed certificate for any proxy combination.
2. Then update the WebServer certificate using "update_http_certificates.sh".
