The error message appears after you click Install during the Certificate Authority (CA) installation process.
Additionally, attempts to access the Certificate Revocation List (CRL) from a web browser fail with a 403 error.
For example, attempts to connect to http://localhost/crl/NESL1CA.crl or http://localhost/crl/NymiInfraRootCA.crl from a web browser display the following page:

Cause
The CRL distribution point configuration for the L1 and L2 certificates uses an HTTP URL to fetch certificates, but the CRL Virtual Directory setting in IIS is configured to require SSL.
Resolution
To resolve this issue, disable the SSL required option for the default web page in IIS Manager on NES.
- In IIS Manager, expand the .
- In the Default Website pane, double-click SSL Settings, and then clear the Require SSL box.
- Remove NDES and the Certificate Authority:
  - In Server Manager, select . The Remove Roles and Features Wizard opens.
  - Click Next.
  - On the Select destination server page, click Next.
  - On the Remove server roles page, expand Active Directory Certificate Services, clear Network Device Enrollment Service, and then click Next.
  - On the Remove features page, click Next.
  - On the Confirm removal selections page, click Remove.
  - When the removal completes, click Close.
  - In Server Manager, select .
  - Click Next.
  - On the Select destination server page, click Next.
  - On the Remove server roles page, clear Active Directory Certificate Services.
  - On the Remove features that require Active Directory Certificate Services, click Remove Features.
  - On the Remove server roles page, click Next.
  - On the Remove Features page, click Next.
  - On the Confirm removal selections page, click Remove.
  - When the removal completes, click Close.
- Restart the NES machine.
- Install AD CS, NDES, and the CA. The Nymi Connected Worker Platform—Deployment Guide provides more information.
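The following PowerShell check is an added example, not part of the Nymi documentation. It reads the Require SSL flag that the Cause section describes and requests the two CRL URLs over HTTP, so you can confirm the condition before the change and verify the result afterwards. It assumes an elevated session on the NES machine, an IIS site named "Default Web Site", and a virtual directory named "crl" (inferred from the URLs above).

```powershell
# Added example: report the IIS "Require SSL" flag and the HTTP status of the CRL URLs.
# Assumptions: elevated PowerShell on NES; site "Default Web Site"; virtual
# directory "crl" (both names inferred from the URLs in this article).
Import-Module WebAdministration

$locations = 'Default Web Site', 'Default Web Site/crl'
$crlUrls   = 'http://localhost/crl/NESL1CA.crl',
             'http://localhost/crl/NymiInfraRootCA.crl'

$iis = foreach ($loc in $locations) {
    # sslFlags contains "Ssl" when the Require SSL box is selected in SSL Settings.
    $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
               -Location $loc -Filter 'system.webServer/security/access' `
               -Name 'sslFlags'
    # The cmdlet normally returns the flags as a string; fall back to .Value otherwise.
    $flags = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
    $requireSsl = ($flags -split ',' | ForEach-Object { $_.Trim() }) -contains 'Ssl'
    [pscustomobject]@{ Location = $loc; SslFlags = $flags; RequireSsl = $requireSsl }
}

$http = foreach ($url in $crlUrls) {
    try {
        $r = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
        $status = [int]$r.StatusCode
    } catch {
        # A 403 here matches the symptom described in this article.
        $resp = $_.Exception.Response
        $status = if ($resp) { [int]$resp.StatusCode } else { 0 }   # 0 = no HTTP response
    }
    [pscustomobject]@{ Url = $url; Status = $status; Ok = ($status -eq 200) }
}

$iis  | Format-Table -AutoSize
$http | Format-Table -AutoSize

# Summarize: the HTTP CRL distribution points are reachable only when no
# location requires SSL and both URLs answer with 200.
if (($iis | Where-Object RequireSsl) -or ($http | Where-Object { -not $_.Ok })) {
    Write-Warning 'CRL URLs are not reachable over HTTP, or Require SSL is still set.'
} else {
    Write-Output 'Require SSL is cleared and both CRL URLs return 200.'
}
```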