Certification Authority not showing up in IIS Server Certificates Dialog
Got an Online Certification Auhtority that is not showing up in IIS when you are trying to renew a certificate? If so, this is the post for you. Sit back, grab a cup of coffee and start reading as we go over what you need to do to get your desired Online Certification Authority back in IIS.Can't install our app - "certificate in chain-of-trust is failing validation"
We've had a number of support incidents from users with Windows 11 Insider Preview reporting that they can't install our Windows Desktop app. Users with the retail release of Windows 11 (or Windows 10) do not experience this issue. Our (WiX) installer runs successfully until it gets to the driver installation step. Then it rewinds and quietly exits with no message popup or obvious error. Despite testing with a variety of different Insider Preview builds, we've so far been unable to reproduce the problem locally. Looking at a verbose setup log contributed by a user, I noticed the following: DIFXAPP: INFO: ENTER: DriverPackageInstallW DIFXAPP: INFO: RETURN: DriverPackageInstallW (0xE0000247) DIFXAPP: ERROR: encountered while installing driver package 'C:\Program Files\AcmeWidgets\WidgetApp\widget-driver.inf' DIFXAPP: ERROR: InstallDriverPackages failed with error 0xE0000247 DIFXAPP: RETURN: InstallDriverPackages() 3758096967 (0xE0000247) CustomAction MsiInstallDrivers returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox) Action ended 21:00:47: InstallFinalize. Return value 3. MSI (s) (50:CC) [...]: Note: 1: 2265 2: 3: -2147287035 Our driver is signed with a Digicert EV Code Signing Certificate: Certificate Certificate Order Common name Product Status Order date start date expiration expiration ------------- --------------- ------ ----------- ----------- ----------- ----------- Immersed Inc. EV Code Signing Issued 27 May 2020 28 May 2020 02 Jun 2022 02 Jun 2022 2 years While investigating, I also saw a message/description that mentioned a certificate in the chain-of-trust failing validation. I thought perhaps an intermediate CA cert might have been omitted from one of the Insider Preview builds, so I requested dumps of root, intermediate and third-party certs from a few affected users. My hope was to find a cert included in my test environment that was missing in all of theirs. No such luck, unfortunately; they all seem to have supersets of the certs I have in a fresh Insider Preview test installation. Can someone please respond with a suggestion on a path forward? Being unable to reproduce this in a test environment has me completely blocked. I'd really like to hear back from a Microsoft engineer on this. Thanks.
Certificate Enrollment Policy
Hello I have a question about Certificate Enrollment Policies. I am seeing two different policies on two different computers and not sure why. Both users are logged into the same domain but when I go to request a certificate from UserA using the certmgr.msc console I see "Configured by your Administrator" Active Directory Enrollment Policy ID: xxxxx-xxxx-xxxx etc.. on one computer and am able to see certificate templates listed. When I log on as UserB on a different computer using certmgr.msc console I see "Configured by your Administrator" Active Directory Enrollment Policy ID: yyyyyy-yyyyyy-yyyyy etc.. and I don't see ANY certificate templates listed. Both users and the computers they are logging into are on the same domain but receiving two different Enrollment Policy ID's. Could someone help me out on why that would be? It is driving me crazy and need to figure this out so I can request certificates using the certmgr.msc Thanks in advance!!Certificate Error and NAS management
I had to update the certificate on our NAS server. Edge has taken against it and will just not let me access the server again because the certificate is bad. It will remain bad because I cannot get access to the device to put it right!!! How can I get around a block that is intended to protect unaware users but is also stopping an admin from correcting an issue with the device. I really don't want to go to a seperate browser to do this!
