johngoutbeckKye Absent Member.

OES CA server in Win 10 and beyond

We have NOWS with OES 2018 with iManager, iPrint, GroupWise, ZENworks
The Organizational CA is internal

Whenever I browse on a Win10 PC with Edge, I receive the 'Certificate error' with 'DLG_FLAGS_SEC_CERT_CN_INVALID'
Chrome gets 'Your connection is not private' with 'NET::ERR_CERT_AUTHORITY_INVALID'

Both browsers can bypass the error to work, but next time the issue remains.

So, I would like to install the internal CA into the Win 10 local Trusted Root Certification Authorities - Certificates store, so users do not get the certificate error message.

Following several internet KBs & several exports of the eDir Tree CA (into .pfx file) imports into the Win 10 local Trusted Root Certification Authorities - Certificates, I still receive the Certificate error.

Anyone have a proper way to export the eDir Tree CA and import into a Win 10 TRCA Cert store so the browser doesn't cert error?

After this is working, next step is for GW admin console (on SLES 12) and other GW consoles to use the internal Tree CA as its TRCA. Then add ZENworks (on SLES 12) consoles, iPrint consoles, etc. Maybe even a wildcard cert for all our sites.

Then any other internal sites to use certs minted from the internal Tree CA.

Step by step instructions would be very helpful.

Any help, comments, suggestions, advice would be greatly appreciated.
Knowledge Partner

Re: OES CA server in Win 10 and beyond

Hi.

On 06.12.2018 00:54, johngoutbeckKyetech wrote:
>
> OES CA server in Win 10 and beyond
>
> We have NOWS with OES 2018 with iManager, iPrint, GroupWise, ZENworks
> The Organizational CA is internal
>
> Whenever I browse on a Win10 PC with Edge, I receive the 'Certificate
> error' with 'DLG_FLAGS_SEC_CERT_CN_INVALID'
> Chrome gets 'Your connection is not private' with
> 'NET::ERR_CERT_AUTHORITY_INVALID'
>
> Both browsers can bypass the error to work, but next time the issue
> remains.
>
> So, I would like to install the internal CA into the Win 10 local
> Trusted Root Certification Authorities - Certificates store, so users do
> not get the certificate error message.
>
> Following several internet KBs & several exports of the eDir Tree CA
> (into .pfx file) imports into the Win 10 local Trusted Root
> Certification Authorities - Certificates, I still receive the
> Certificate error.
>
> Anyone have a proper way to export the eDir Tree CA and import into a
> Win 10 TRCA Cert store so the browser doesn't cert error?
>
> After this is working, next step is for GW admin console (on SLES 12)
> and other GW consoles to use the internal Tree CA as its TRCA. Then add
> ZENworks (on SLES 12) consoles, iPrint consoles, etc. Maybe even a
> wildcard cert for all our sites.
>
> Then any other internal sites to use certs minted from the internal Tree
> CA.
>
> Step by step instructions would be very helpful.
>
> Any help, comments, suggestions, advice would be greatly appreciated.


Just successfully did this:

1. Export the CA as .der
2. Double-click the .der file in Windows, telling it to install the cert
in the trusted root cert store.

Tested with IE connecting to iManager on one of my servers, no error,
connection shown as secured.

Windows10 1803.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
MCCFL_MLA Absent Member.

Re: OES CA server in Win 10 and beyond

I do it with a ZCM bundle as part of my overall system configuration.


I place the cert in a local "Utility/Temp" folder, run an import, then delete the file.


After copying or locating the file where you want with the bundle, you can import with the following (Run as Secure System User):

C:\Windows\System32\certutil.exe -addstore -f -enterprise root C:\utilities\Certs\MY_CA_CERT_SHA2.der


It's super quick, and clean. No interaction.


~Patrick
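
Added example, not part of any post in this thread: a PowerShell check to run before an unattended import like the one above, confirming that the exported file really is the tree's root CA certificate before every browser on the machine is told to trust it. The file path reuses the one from the certutil line; the expected thumbprint is a placeholder to fill with the value read on the CA server, and the target store (local machine Trusted Root) is an assumption based on the original question.

```powershell
# Added example: validate an exported CA certificate, then trust it machine-wide.
# $CertPath and $ExpectedThumbprint are placeholders to replace with your own values.
param(
    [string]$CertPath = 'C:\utilities\Certs\MY_CA_CERT_SHA2.der',
    [string]$ExpectedThumbprint = '<SHA1-THUMBPRINT-READ-ON-THE-CA-SERVER>'
)
$ErrorActionPreference = 'Stop'

# Parse the file as one X.509 certificate (DER or Base64 encoded).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath

# A trust anchor file should contain the public certificate only, never the CA key.
if ($cert.HasPrivateKey) { throw 'File carries a private key; export the certificate without it.' }

# A root CA is self-signed: subject and issuer are the same name.
if ($cert.SubjectName.Name -ne $cert.IssuerName.Name) {
    throw "Not self-signed (issuer: $($cert.Issuer)); this is not the root certificate."
}

# The Basic Constraints extension must mark the certificate as a CA.
$bc = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if (-not ($bc -and $bc.CertificateAuthority)) { throw 'Basic Constraints does not mark this as a CA.' }

# Reject a certificate that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw 'Certificate is outside its validity period.' }

# Compare with the thumbprint obtained out-of-band (spaces and colons are ignored).
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) { throw "Thumbprint mismatch: file has $($cert.Thumbprint)." }

# Add to the local machine Trusted Root store (requires an elevated session).
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
$store.Open('ReadWrite')
try { $store.Add($cert) } finally { $store.Close() }

# Confirm the certificate is now present where the browsers will look for it.
if (-not (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)")) {
    throw 'Certificate was not found in LocalMachine\Root after the import.'
}
"Trusted root installed: $($cert.Subject) [$($cert.Thumbprint)]"
```

With the placeholder thumbprint left unchanged the script stops at the comparison step, so nothing is added to the store until a real value is supplied.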
John Goutbeck Absent Member.

Re: OES CA server in Win 10 and beyond

Hello all;

Thanks, that all worked - export as der and importing to Win 10 TRCA Cert store.

I'll give the ZCM bundle a try later.

Now to make CSR and certs for other services on the OES 2018 servers with services of different names