Sign in
 

none
OAuth Certificate Issue

 , 
 > 

    Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I have a Issue assigning

    I have tried all the ways to try installing, but no luck,

    I was able to install default certificate and after reading all the form I am unable to find solution, I have tried the CA URL internal which is not working in my environment, Any other option to make this work

    Internal chat is working perfectly for me as of now.

    Error: The private key of the certificate is not marked exportable and cannot be stored in the central management store.

     Details

     Type: CertificateException

      Stack Trace

          

    at Microsoft.Rtc.Management.Deployment.Core.Certificate.ExportCerts(X509Certificate2Collection certs) at Microsoft.Rtc.Management.Deployment.Core.Certificate.SetCMSCertificate(IScopeAnchor scope, X509Certificate2 foundCert, X509Certificate2Collection certs, Nullable`1 effectiveTime, Boolean isRoll) at Microsoft.Rtc.Management.Deployment.Core.Certificate.SetCMSCertificate(IScopeAnchor scope, String thumbprint, Nullable`1 effectiveTime, Boolean isRoll) at Microsoft.Rtc.Management.Deployment.Tasks.SetCertificateTask.Action() at Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog(Action action)

      Additional Details

          

    Error: Key not valid for use in specified state.

     Details

     Type: CryptographicException

      Stack Trace

          

     

    17/12/2013 13:56:20

     

    Error

     

    Error: An error occurred: "Microsoft.Rtc.Management.Common.Certificates.CertificateException" "The private key of the certificate is not marked exportable and cannot be stored in the central management store."



    Tuesday, December 17, 2013 3:30 PM
    |

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Are you attempting to import a cert for the OAuth that has been generated without using the certificate wizard?

    Like Ant says, if you'd used the wizard then this cert would have been marked as private key exportable by default, and wouldn't be an issue.

    Kind rgards
    Ben

    • Marked as answer by Prasanth N D Tuesday, December 17, 2013 7:50 PM
    Tuesday, December 17, 2013 4:42 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thanks for all this helps me a lot to get Auth cert..

    Import-CsCertificate -Identity global -Type OAuthTokenIssuer -Path C:\Install\cert-lync.pfx  -Password "qwertyuiop"

    • Marked as answer by Prasanth N D Tuesday, December 17, 2013 7:50 PM
    Tuesday, December 17, 2013 7:50 PM
    |

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Highlight the oAuthTokenIssuer again and try to regenerate the certificate just for this.  The private key needs to be exportable, and this should be the default when you generate the certificate.  Either you're attempting to use a different cert or something went wrong with the generation. 

    Doug has a good general write-up on oAuth just to let you know a bit more about the cert: http://blogs.technet.com/b/dodeitte/archive/2012/11/02/oauth-certifcate-in-lync-server-2013.aspx

    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer". SWC Unified Communications

    Tuesday, December 17, 2013 4:14 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Are you attempting to import a cert for the OAuth that has been generated without using the certificate wizard?

    Like Ant says, if you'd used the wizard then this cert would have been marked as private key exportable by default, and wouldn't be an issue.

    Kind rgards
    Ben

    • Marked as answer by Prasanth N D Tuesday, December 17, 2013 7:50 PM
    Tuesday, December 17, 2013 4:42 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thanks for all this helps me a lot to get Auth cert..

    Import-CsCertificate -Identity global -Type OAuthTokenIssuer -Path C:\Install\cert-lync.pfx  -Password "qwertyuiop"

    • Marked as answer by Prasanth N D Tuesday, December 17, 2013 7:50 PM
    Tuesday, December 17, 2013 7:50 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    I found that converting the PFX to a PEM, then back to PFX with OpenSSL worked for me:

    openssl.exe pkcs12 -in D:\certificate.pfx -out D:\certificate.pem -nodes
openssl.exe pkcs12 -export -in D:\certificate.pem -out D:\certificate.pfx

    Sunday, July 02, 2017 11:40 PM
    |