Forum Discussion
AdminService REST API keeps resetting PKI cert
My "solution" for the moment is to export the SMS Issuing cert from the CM Console and install it into the "Trusted Root" store on the machines I need to connect to the API from.
I can't find any way to persist the PKI cert, so I may need to raise a case with Microsoft to resolve.
I've already unbinding the existing cert and "adding" as well as "updating" and checking the binding is correct. When I bind my cert it all works as expected until the next health check.
Every 10 minutes the REST PROVIDER will reset it back to the SMS Issuing certificate. When it does it doesn't just unbind the PKI cert, it completely *deletes* the PKI cert from the certificate store.
The SMS Provider is working correctly in all other aspects
Steps I have tried
- deleting existing binding before adding new cert
- add cert using same appid (0000000...)
- add cert using new appid
- disable issuing cert "purpose" in MY and SMS stores
- It still used the cert and rebound it
- deleting the self-issued cert from MY and SMS stores
- It fails to bind (as expected) and reports an error but leaves the PKI binding in place
- It still reports the service as "healthy"
- The self-signed cert is eventually re-issued and bound again after around 30 minutes
My "solution" for the moment is to export the SMS Issuing cert from the CM Console and install it into the "Trusted Root" store on the machines I need to connect to the API from.
I can't find any way to persist the PKI cert, so I may need to raise a case with Microsoft to resolve.