Some time ago we made our Organisational CA a subordinate to our MAD CA as per TID. This has worked out generally OK but I have run into a minor issue when installing or upgrading OES servers. Part of the process downloads the self-signed certificate from the Organizational CA. As this is now a subordinate CA it no longer has a self-signed certificate and so the install/upgrade process throws an error. On acknowledging the error the process continues and everything seems to work out fine.

I assume that the process downloads the cert to put into a cert store somewhere for future reference. I have no idea what might break as a result of this cert not being available.

Is there a way around this? I would rather not get the error at all as other staff build servers and tend to panic when they see messages like this. If it is not possible to get rid of the error is there something I can do to get a suitable cert to the new server. I assume I need to get the self-signed cert from the MAD CA into the system somehow.


Stuart Kett