In Firefox, type ‘about:config’ in the address bar
If prompted, accept any warnings
Search for ‘security.enterprise_roots.enabled’ as the Name
Set the value to ‘true’
It’s a weird issue.
Port 3389 is open, and I can telnet to it. But if I try to RDP to the server, the RDP connection fails immediately.
And in the system event log, there is an error message that says “Description: A fatal error occurred when attempting to access the SSL server credential private key.”
After investigation, I found out this issue was caused by incorrect file permissions set on files within C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.
So the fix is to grant the SYSTEM account full control access to the folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys as well as all files within this folder.
Rename below folder to Machinekeys_old
And then restart the server
If Group Policy prevents you from doing so, we can still turn off the certificate revocation check in the registry.
In Registry Editor, browse to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
Change Value “State” to 146944 Decimal or 0x00023e00 Hexadecimal
1. Install OpenSSL version 0.9.8 for Windows; you can get it from the link below:
2. Install it on a Windows machine. By default, OpenSSL will be installed to C:\OpenSSL
3. Copy the pfx certificates into the folder C:\OpenSSL\bin
4. Run the command line as administrator, and go to the folder C:\OpenSSL\bin
5. Use the commands below to convert the certificate:
a. Generate the encrypted key file for the certificate with the command below:
openssl pkcs12 -in server.pfx -nocerts -out server_tmp.key
During this step, it will ask for the pfx certificate password and a pass phrase for the key. Use any word you like as the pass phrase, but do not use a blank pass phrase.
Then use the command below to decrypt the key. In this step it will ask you for the pass phrase you used before.
openssl rsa -in server_tmp.key -out server.key
b. Generate the crt file for the certificate with the command below:
openssl pkcs12 -in server.pfx -clcerts -nokeys -out server.crt
6. Done. Now you can install the certificate for ESXi host
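Before installing the files, it is worth confirming that the extracted server.key really belongs to server.crt. The script below is an added example, not part of the original post: it runs the step 5 commands non-interactively, keeps the decrypted key unreadable to other users, and compares the RSA modulus of the key and the certificate. The function names, the PFX_PASS and TMP_PASS environment variables and the throwaway self-signed sample certificate are assumptions constructed for the example; it expects a POSIX shell with openssl on the PATH.

```shell
#!/bin/sh
# Added example (not from the original post). PFX_PASS / TMP_PASS are assumed
# environment variables, so pass phrases never appear on the command line.

# Steps 5a/5b: split PFX $1 into server.key (decrypted) and server.crt in dir $2.
pfx_to_key_crt() {
    pfx=$1; out=$2
    old_umask=$(umask); umask 077      # the decrypted key must not be world-readable
    openssl pkcs12 -in "$pfx" -nocerts -passin env:PFX_PASS \
        -passout env:TMP_PASS -out "$out/server_tmp.key" &&
    openssl rsa -in "$out/server_tmp.key" -passin env:TMP_PASS \
        -out "$out/server.key" 2>/dev/null &&
    openssl pkcs12 -in "$pfx" -clcerts -nokeys -passin env:PFX_PASS \
        -out "$out/server.crt"
    rc=$?
    rm -f "$out/server_tmp.key"        # intermediate encrypted key is no longer needed
    umask "$old_umask"
    return $rc
}

# Succeeds only if private key $1 and certificate $2 share the same RSA modulus.
key_matches_cert() {
    key_mod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 2
    crt_mod=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$key_mod" ] && [ "$key_mod" = "$crt_mod" ]
}

# Constructed sample input: a throwaway self-signed certificate packed as server.pfx.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=esxi.example.test" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/sample.key" -in "$1/sample.crt" \
        -passout env:PFX_PASS -out "$1/server.pfx"
}

# End-to-end run on the constructed sample; returns 0 when key and cert match.
demo() {
    work=$(mktemp -d) || return 1
    PFX_PASS=constructed-pfx-pass; TMP_PASS=constructed-tmp-pass
    export PFX_PASS TMP_PASS
    make_sample_pfx "$work" && pfx_to_key_crt "$work/server.pfx" "$work" &&
        key_matches_cert "$work/server.key" "$work/server.crt"
    rc=$?
    rm -rf "$work"
    return $rc
}

if [ "${1:-}" = demo ]; then demo && echo "key and certificate match"; fi
```

For a real certificate, export PFX_PASS and TMP_PASS, call pfx_to_key_crt with the PFX path and an output folder, then run key_matches_cert on the two resulting files.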
After importing the certificate into IIS, when I navigated away from the Server Certificates window, the certificate would disappear.
I could see the certificate in the server’s Personal Certificate Store using MMC (Microsoft Management Console) but it wouldn’t show up in IIS.
After investigating, I found the solution below for this issue:
Save the three portions of the certificate into three separate files (Note: The Intermediate Certificate is optional, if you were not supplied with one, just skip the steps involving it):
privatekey.txt – Copy and paste the contents of the private key including the begin and end lines.
certificate.txt – Copy and paste the contents of the Regular Certificate including the begin and end lines.
intermediate.txt – Copy and paste the contents of the Intermediate Certificate including the begin and end lines.
Upload all these files to a Linux server, and run
openssl pkcs12 -export -out certificate.pfx -inkey privatekey.txt -in certificate.txt -certfile intermediate.txt
Then import certificate.pfx into IIS.