Salesforce

KC2016 - Certificate upgrade issue

Printable View
« Go Back

Information

 
Article TypeSolution Article
Scope/EnvironmentKnowledge Center Content Manager / Architect 12.x/13.x
Symptoms/Context
We are trying to upgrade our SSL certificate on our main CMS app server and it's causing lot of issues. We have done that many times with the same process before. We have other batch servers where upgraded certificates are working fine. When we are trying to use the new certificate on main app server, it's STS part is working fine but we are getting runtime error (See below screenshot for more details.) Because of this we are unable to use Web UI and any other client tools. 

"Server error in '/InfoShareAuthor' Application"

User-added image
Resolution
After installing the certificate if still unable to connect to the web client, check the certificate store for duplicate certificates. If the “Friendly” name of the new certificate is the same as the expired certificate, the old certificate may still be the one the system is trying to use.

1. Open IIS and locate the new certificate
2. Right click on new certificate and select View
3. Open the Details tab and locate and select the Subject value to verify the Common Name (CN)

User-added image

4. Close the certificate window
5. Open the Microsoft Management Console (MMC) by either searching for MMC or typing it in the Run command window

User-added image

6. Open Certificate store to check for duplicate certificates (expired certificates with same Friendly name)
a. Select File and Add/Remove Snap-in…

User-added image

b. From the Available snap-ins column, select Certificates and select the Add button in the middle to add the Certificate snap-in to the Selected snap-ins column

User-added image

c. Certificates snap-in window will appear when Add button is selected. Select Computer Account, Local computer, and Finish

User-added image
User-added image

d. Click OK in the Add or Remove Snap-ins window
7. The Certificate store should now be available in the MMC
8. Expand the Certificates in the left column, then select and expand the Personal certificates folder

User-added image

9.Open the Certificates folder. List of certificates will appear in middle window

User-added image

10. Check for duplicates that may have conflicting names.
11. To save old certificate in case you need to revert back, export old certificate to file system
a. Right click on old certificate and choose All Tasks and then Export
b. Click Next
c. There is no need to export private key, so make sure No, do not export the private key is selected and click Next
d. Select Base-64 encoded x.509 (.CER) option and click Next
e. Browse to a location and directory to name and save the certificate. 

User-added image

f. Click Next and Finish
g. Browse back to that location to ensure the certificate has been saved with a .cer extension
12. Go back to the MMC and delete the old certificate
13. If a SDF file was created after following initial update instructions, delete the newly created SDF file
14. Restart IIS and Component services
15. If this was the issue, you should now be able to access the web client and client tools
Root Cause
Reference
Attachment 1 
Attachment 2 
Attachment 3 
Attachment 4 
Attachment 5 
Powered by