Skip to main content
Solved

Creating certificate for IFS using internal Microsoft CA

W
Sidekick (Customer)
Forum|alt.badge.img+9

Does anyone have any experience in creating your own certificate for IFS using a Windows Server 2016 Certificate Authority? I have created my CA located on my domain controller within AD, created templates in AD CS, created a csr from my middleware server, then exported the certificate with the private key, but when I try to use it during the IFS installation, it fails the verify stating “Certificate verification failed: signature check failed”

Best answer by Kusal Rathnakumara

HI @woprhowe , 

This issue has already been reported to the R&D. Could you please give the workaround provided by R&D a try

Workaround
-------------
1. Do the fresh installation by adding a self-sign certificate for any proxy combination.
2. Then update the WebServer certificate using "update_http_certificates.sh".

View original
Did this topic help you find an answer to your question?

5 replies

W
Sidekick (Customer)
Forum|alt.badge.img+9
  • woprhowe
  • Author
  • Sidekick (Customer)
  • 55 replies
  • August 23, 2023

Well, since there were no replies to my post, I guess I will follow-up with my own reply. In my test environment (sandboxed AD with DC, CA, CDP and full IFS implementation), I was able to create a template in my CA to accommodate IFS and enroll my middleware server through AD. Exporting this cert (with private key) produced a cert that IFS liked (but only when I chose TripleDES-SHA1 for the encryption). I see that AES256-SHA256 is listed under cipher suites in the IFS installer, but if I choose SHA256 during the export, the cert failed the “verify” that the IFS installer offers. I would like to use stronger encryption for this connection, so hoping someone out there has used Microsoft CA with AES256-SHA256 encryption. I have attached a Word document that further explains the selections that I made during this process as well as the errors I received. 

KristenGastaldo
Superhero
Forum|alt.badge.img+18

Hi @woprhowe  - Thank you for coming back to update, in case someone else has the same issue. I don’t see the word attachment; let me know if you’re having issues uploading it and I can help.

W
Sidekick (Customer)
Forum|alt.badge.img+9
  • woprhowe
  • Author
  • Sidekick (Customer)
  • 55 replies
  • August 24, 2023

@KristenGastaldo , please let me know if you see the Word document attached to this reply!

 

Thank you,

Bob

1 Attachments
KristenGastaldo
1 person likes this
  • KristenGastaldo
    KristenGastaldo
KristenGastaldo
Superhero
Forum|alt.badge.img+18

@woprhowe  - It’s there now!

K
Do Gooder (Employee)
Forum|alt.badge.img+1

HI @woprhowe , 

This issue has already been reported to the R&D. Could you please give the workaround provided by R&D a try

Workaround
-------------
1. Do the fresh installation by adding a self-sign certificate for any proxy combination.
2. Then update the WebServer certificate using "update_http_certificates.sh".

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings