RMS certificate error

  • Question

  • I am facing a problem with the AD RMS certificate. I am using an internal PKI (Windows 2008 R2). When I configure the web cert for AD RMS, the URL must be rms.mydomain.com; my server name is RMS-Server, so when I install this cert it tells me that this certificate has been issued to a different web site. I already created a CNAME record in my DNS.

    How can I make this cert work?

    Sunday, May 1, 2011 1:24 PM

All replies

  • Hi Tiago

    What URL have you registered for the Intranet URL and the SCP entry? Both these entries need to match and the certificate subject name needs to match this URL.

    The RMS client picks up the RMS URL from the SCP entry by default, so the CNAME record in the DNS is useless. If you want to use the DNS entry as your access URL, then you need to put a registry entry on the client.

     


    Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent

    Sunday, May 1, 2011 5:40 PM
  • Thanks Adnan for the reply.

    Let me tell you what I did up to this point:

    1) I went to my internal PKI and duplicated the Web Server template, gave the RMS server Read and Enroll permissions, then issued it.

    2) From the RMS, using Certificates in MMC, I imported the certificate, and for the DN I used cn=rmsserver,dc=domain,dc=com and for the URL I used rms.domain.com.

    3) During the RMS installation I added rms.domain.com in the Internal Address and used the imported certificate in the SSL setup.

    After that I faced the problem and cannot go further; this thing is driving me nuts!

     

    Sunday, May 1, 2011 6:09 PM
  • Well, the steps sound correct; it seems more like an issue with the SSL cert rather than the ADRMS.

    • Can you check the certificate via the MMC and verify the Subject field entry?
    • Secondly, verify it has been issued via the Webserver template
    • What have you chosen for the ADRMS default website?
    • If it's the default website, access "default website" via the IIS Manager and check if the cert has already been loaded there

    Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent

    Sunday, May 1, 2011 7:00 PM
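
The checks listed in the reply above (subject name, Server Authentication usage, what is actually in the machine store) can be scripted on the RMS server. This is an added example, not part of the original thread; `Test-CertHostMatch` is a hypothetical helper name, `rms.domain.com` is the thread's placeholder host, and the SAN parsing assumes an English-language Windows install.

```powershell
# Added example. Host name is the thread's placeholder; use your cluster URL host.
$ClusterHost = 'rms.domain.com'

function Test-CertHostMatch {   # hypothetical helper name
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$HostName
    )
    # Names the certificate is valid for: SAN DNS entries if present, else subject CN.
    $names = @()
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Assumption: English Windows, where Format() prints "DNS Name=<host>" per line.
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+)$') { $names += $Matches[1].Trim() }
        }
    }
    if (-not $names) {
        $names += $Cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }
    foreach ($n in $names) {
        if ($n -ieq $HostName) { return $true }
        # A wildcard covers exactly one left-most label (*.domain.com -> rms.domain.com).
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            ($HostName.Substring($HostName.IndexOf('.')) -ieq $n.Substring(1))) { return $true }
    }
    return $false
}

# Report every certificate in the computer's Personal store against the cluster host.
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $c = $_
    $eku = $c.Extensions | Where-Object { $_ -is $ekuType }
    $serverAuth = $false
    if ($eku) {
        # 1.3.6.1.5.5.7.3.1 is the Server Authentication EKU the Web Server template issues.
        $serverAuth = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
    }
    New-Object PSObject -Property @{
        Subject       = $c.Subject
        MatchesHost   = Test-CertHostMatch -Cert $c -HostName $ClusterHost
        ServerAuth    = $serverAuth
        HasPrivateKey = $c.HasPrivateKey
        NotAfter      = $c.NotAfter
        Thumbprint    = $c.Thumbprint
    }
} | Format-Table Subject, MatchesHost, ServerAuth, HasPrivateKey, NotAfter, Thumbprint -AutoSize
```

A certificate whose subject CN is `rmsserver` and that carries no SAN entry for `rms.domain.com` shows `MatchesHost` as False, which is the condition behind the "issued to a different web site" warning.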