Sunday, October 9, 2011

How to Solve Web Application alert: Untrusted CA – Solution II

When one creates a Web Application in order to monitor the availability and responses of a certain website, one might bump into this error: Untrusted CA:

Investigation taught me their might be two separate causes for this Alert, both related to the Watcher Node which run this Monitor. This posting will be about the second separate cause. For the posting about the first cause, go here.

Even when the Root Certificates are up to date on the Watcher Node, there might be another issue at play. In this case, a certificate is being used which isn’t present in the CA store of the Watcher Node.

How to solve it
Open a rdp-session on the Watcher Node generating the Alert Untrusted CA - log on with local admin permissions - and start IE. Surf to the website which creates these Alerts. Wait until the website is fully loaded and import the certificate for your account in to the Certificate Store Intermediate Certification Authorities:

The wizard Welcome to the certificate Import Wizard is started. Follow the instructions and when prompted what store to select, choose for the option Place all certificates in the following store > Intermediate Certification Authorities.

Finish the wizard. The Certificate is stored now.

Open a MMC > add Snap-in > Certificates > for Local Computer Account and My User Account. Export the certificate you just imported from the store Certificates – Current User\Intermediate Certification Authorities to a folder on your drive.

Import the certificate you just exported to the store Certificates (Local Computer) \Intermediate Certification Authorities:

Now all is well and the Watcher Node won’t throw the error Untrusted CA anymore.

Thanks to this blog posting I was able to crack this issue.

No comments: