OAuth Certificate Issue

-
I have an issue assigning
I have tried all the ways to install it, but no luck.
I was able to install the default certificate, and after reading all the forum I am unable to find a solution. I have tried the internal CA URL, which is not working in my environment. Is there any other option to make this work?
Internal chat is working perfectly for me as of now.
Error: The private key of the certificate is not marked exportable and cannot be stored in the central management store.
► Details
└ Type: CertificateException
└ ► Stack Trace
└
at Microsoft.Rtc.Management.Deployment.Core.Certificate.ExportCerts(X509Certificate2Collection certs) at Microsoft.Rtc.Management.Deployment.Core.Certificate.SetCMSCertificate(IScopeAnchor scope, X509Certificate2 foundCert, X509Certificate2Collection certs, Nullable`1 effectiveTime, Boolean isRoll) at Microsoft.Rtc.Management.Deployment.Core.Certificate.SetCMSCertificate(IScopeAnchor scope, String thumbprint, Nullable`1 effectiveTime, Boolean isRoll) at Microsoft.Rtc.Management.Deployment.Tasks.SetCertificateTask.Action() at Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog(Action action)
└ ► Additional Details
└
Error: Key not valid for use in specified state.
► Details
└ Type: CryptographicException
└ ► Stack Trace
└
17/12/2013 13:56:20
Error
Error: An error occurred: "Microsoft.Rtc.Management.Common.Certificates.CertificateException" "The private key of the certificate is not marked exportable and cannot be stored in the central management store."
- Edited by Prasanth N D Tuesday, December 17, 2013 3:37 PM
Question
Answers
-
Are you attempting to import a cert for the OAuth that has been generated without using the certificate wizard?
Like Ant says, if you'd used the wizard then this cert would have been marked as private key exportable by default, and wouldn't be an issue.
Kind regards
Ben
- Marked as answer by Prasanth N D Tuesday, December 17, 2013 7:50 PM
-
Thanks for all, this helps me a lot to get the Auth cert.
Import-CsCertificate -Identity global -Type OAuthTokenIssuer -Path C:\Install\cert-lync.pfx -Password "qwertyuiop"
- Marked as answer by Prasanth N D Tuesday, December 17, 2013 7:50 PM
All replies
-
Highlight the oAuthTokenIssuer again and try to regenerate the certificate just for this. The private key needs to be exportable, and this should be the default when you generate the certificate. Either you're attempting to use a different cert or something went wrong with the generation.
Doug has a good general write-up on oAuth just to let you know a bit more about the cert: http://blogs.technet.com/b/dodeitte/archive/2012/11/02/oauth-certifcate-in-lync-server-2013.aspx
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer". SWC Unified Communications
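Added example, not part of the original thread and not Microsoft's code: a PowerShell check for whether a certificate's private key is exportable before it is assigned as OAuthTokenIssuer, which is the condition the replies above point to. The function name Test-PrivateKeyExportable is a hypothetical helper and the thumbprint is a placeholder; run it elevated on the server that holds the certificate.

```powershell
# Added example. Checks whether a machine-store certificate's private key can
# be exported, which the thread says is required for the OAuthTokenIssuer cert.
function Test-PrivateKeyExportable {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    if (-not $Certificate.HasPrivateKey) { return $false }
    try {
        # A PFX export needs the private key. A non-exportable key raises a
        # CryptographicException ("Key not valid for use in specified state.").
        $pfxType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
        # The export stays in memory and is discarded; the password is random.
        $null = $Certificate.Export($pfxType, [Guid]::NewGuid().ToString())
        return $true
    }
    catch [System.Security.Cryptography.CryptographicException] {
        return $false
    }
}

# Placeholder: replace with the thumbprint of the certificate you plan to assign.
$thumbprint = '<THUMBPRINT>'
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }

if (-not $cert) {
    Write-Warning "No certificate with thumbprint $thumbprint in LocalMachine\My."
}
elseif (Test-PrivateKeyExportable -Certificate $cert) {
    Write-Output "Private key is exportable."
}
else {
    Write-Warning "Private key is not exportable; regenerate the certificate or re-import the PFX with the key marked exportable."
}
```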