Some time ago we made our Organisational CA a subordinate to our MAD CA
as per TID. This has worked out generally OK but I have run into a
minor issue when installing or upgrading OES servers. Part of the
process downloads the self-signed certificate from the Organizational
CA. As this is now a subordinate CA it no longer has a self-signed
certificate and so the install/upgrade process throws an error. On
acknowledging the error the process continues and everything seems to
work out fine.

I assume that the process downloads the cert to put into a cert store
somewhere for future reference. I have no idea what might break as a
result of this cert not being available.

Is there a way around this? I would rather not get the error at all as
other staff build servers and tend to panic when they see messages like
this. If it is not possible to get rid of the error is there something
I can do to get a suitable cert to the new server. I assume I need to
get the self-signed cert from the MAD CA into the system somehow.


Stuart Kett

Big_Stu's Profile:
View this thread: