New content SSA crawl component doesn't like different SSL cert RRS feed

  • Question

  • We are building a new SharePoint 2010 + FAST for SharePoint (single server) installation. We have 2 SharePoint App servers where we want to run crawl components.

    After installing FAST and configuring the content SSA from App Server 1, we set the content SSA to use a signed certificate located on App Server 1 instead of the self-signed one FAST creates. (All of our Windows servers have signed certificates for the server). This part worked fine.

    Then we created a new crawl component for the content SSA on App Server 2, and all hell broke loose. App Server 2 gets really angry that it can't find the certificate with the thumbprint of the cert from App Server 1 to use when talking to the FAST server. The Event Viewer shows how p.o'd it is.

    In these technet instructions, it says that all you need to add a new crawl component is an SSL cert signed by the same certificate authority, which it is. Any idea why App Server 2 flat out refuses to use its perfectly good signed certificate located in Certificates(Local Computer)\Personal and ready to go? The content SSA seems awfully insistent on using a certificate with the exact thumbprint from the cert on App Server 1.

    Thanks for any input!


    Thursday, September 1, 2011 6:52 AM

All replies

  • Hi,

    did you get this solved?

    If you read the docs on "Manage Certificates" for multiple servers it starts with:

    "If you have configured the FAST Search Content SSA to use more than one crawl component, you must install the CA signed certificate on each SharePoint Server 2010 server that has a crawl component."

    ..sort of saying the certificate for the SP server hosting the SSA has to be installed on the other SP servers with crawl components. If you add the cert for SP#1 to SP#2 as well, will it then use and find that cert, and stop being p.o'd about it?

    Also, have you installed the latest CU's and verified the error still exists.

    Mikael Svenson 

    Search Enthusiast - SharePoint MVP/WCF4/ASP.Net4
    Saturday, September 17, 2011 8:28 PM
  • Hi Mikael,

    We worked around it without solving it. I simply put the content SSA on App Server 1 and called it a day. I'm sure adding all of our certs to each server would have worked too, but that was too much work for an environment that doesn't really need FAST scaled out anyway.


    Tuesday, September 27, 2011 11:01 PM
  • Hi Ken,

    Glad you worked around it, and this feeds to my notion that the time spent trying to use CA certs might not be worth it.

    Mikael Svenson 

    Search Enthusiast - SharePoint MVP/WCF4/ASP.Net4
    Wednesday, September 28, 2011 6:30 AM