EP with Claims-mode authentication gives certificate errors: fix

I was working on installing an Enterprise Portal site that is going to use Claims-mode authentication (more exactly, Forms-based authentication) and had been following the tutorials that are out there for setting this up. All worked as presented, except for the fact that I was getting the 'Certificate error' when going to the site, or errors like: "The root of the certificate chain is not a trusted root authority."

One problem was that the site's SharePoint name when running New-AXClaimsAwareEnterprisePortalServer was the hostname.Domain, but the site in AX was only the hostname. Because of this, the browser was complaining that the certificate was not generated for this site.

So, in order to work around this, I ended up generating a certificate for a CA, which I then used to generate the SSL and signing certificates used in the tutorial.
To do this, open the Visual Studio Command Prompt and first run:

makecert.exe -n "CN=Public EP Site CA,O=The Company, OU=EnterprisePortal,L=EP,S=BUC,C=RO" -pe -ss Root -sr LocalMachine -sky exchange -m 120 -a sha1 -len 2048 -r

After running this, you can run:

makecert.exe -n "CN=replace_your_host_name" -pe -ss My -sr LocalMachine -sky exchange -m 120 -in "Public EP Site CA" -is Root -ir LocalMachine -a sha1 -eku 1.3.6.1.5.5.7.3.1

in order to generate the two SSL certificates you need (they will replace the two certificates you generated in the tutorial using IIS).
Then, finally, you generate the STS signing certificate:

makecert.exe -pe -a sha1 -n "CN=FormsSTSSigning" -ss My -sr LocalMachine -sky exchange -len 2048 -sp "Microsoft Enhanced RSA and AES Cryptographic Provider" -sy 24 c:\FormsSTSSigning.cer -in "Public EP Site CA" -is Root -ir LocalMachine

At this point you should be certificate error free for your EP site.
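
To confirm this on the server, here is a PowerShell check, added as an example and not part of the original post. It lists each certificate issued by the CA above and reports a name mismatch, a chain that does not end at that CA, or a missing server authentication EKU. The helper name Test-EpCertificate is hypothetical, and $hostName is a placeholder for the host name used in your EP site URL.

```powershell
# Added example, not from the original post.
$hostName = 'replace_your_host_name'  # assumption: host name exactly as in the EP site URL
$caName   = 'Public EP Site CA'       # CA common name from the first makecert command

function Test-EpCertificate {         # hypothetical helper name
    param($Cert, [string]$ExpectedName, [string]$ExpectedRoot, [bool]$NeedServerAuth)
    $problems = @()

    # Name check: the CN must equal the host name the browser is sent to.
    $cn = $Cert.GetNameInfo('SimpleName', $false)
    if ($cn -ne $ExpectedName) { $problems += "CN '$cn' differs from '$ExpectedName'" }

    # Chain check: build the chain and confirm it ends at the CA placed in LocalMachine\Root.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # test certificates, no CRL expected
    if (-not $chain.Build($Cert)) {
        foreach ($s in $chain.ChainStatus) { $problems += "chain: $($s.Status)" }
    }
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($root.GetNameInfo('SimpleName', $false) -ne $ExpectedRoot) {
        $problems += "chain ends at '$($root.Subject)', not at '$ExpectedRoot'"
    }

    # EKU check: the SSL certificates were requested with -eku 1.3.6.1.5.5.7.3.1.
    if ($NeedServerAuth) {
        $ekus = @($Cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
        if ($ekus -notcontains '1.3.6.1.5.5.7.3.1') { $problems += 'no server authentication EKU' }
    }

    New-Object PSObject -Property @{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        Signature  = $Cert.SignatureAlgorithm.FriendlyName   # reflects the -a option used
        Problems   = $problems -join '; '
    }
}

# Check every certificate in LocalMachine\My that was issued by the CA.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*CN=$caName*" } |
    ForEach-Object {
        $isSts = $_.GetNameInfo('SimpleName', $false) -eq 'FormsSTSSigning'
        $name  = if ($isSts) { 'FormsSTSSigning' } else { $hostName }
        Test-EpCertificate -Cert $_ -ExpectedName $name -ExpectedRoot $caName -NeedServerAuth (-not $isSts)
    } | Format-List Subject, Thumbprint, Signature, Problems
```

An empty Problems field for all three certificates means the name, chain and EKU line up with what the commands above requested.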

