none
Workflow installation with wildcard certificate RRS feed

  • Question

  • Hello,

    When I'm trying to use wildcard certificate issued by internal CA (*.abc.com) for WFM and Service bus configuration, it is giving below error message:

    The X.509 certificate CN=*.abc.com is not in the trusted people store. 
    The X.509 certificate CN=*.abc.com chain building failed. 
    The certificate that was used has a trustchain that cannot be verified. 
    Replace the certificate or change the certificate Validation Mode. The revocation function was unable to check revocation because the revocation server was offline

    I'm using single server for WFM configuration. Whether we need to add this certificate to Trusted People store? Can't we use wildcard certificate in single server deployments for WFM?

    Are there any issues if we select Autogenerate certificate in production deployments having single server WFM installations?

    BR, Sarath

    Friday, December 2, 2016 3:09 PM

Answers

  • Hi Sarah, it should be any issues with a wildcard certificate.

    Validate the thumbprint of the certificate that is throwing the error, and then guarantee that the certificate is on the "Trusted Root Certification Authorities" of the Server.

    Hope that helps

    Cheers

    Please mark as helpful if this was helpful.


    Thanks & Regards, Jose

    Tuesday, December 13, 2016 4:38 PM
  • Hello Sarath, not sure if i understand your question.

    - Are you asking to use the same certificate for all the services on your WFM Farm (Workflow\Service Bus)?

    Yes this is possible, just generate your certificate on your environment, add him to your Trusted Certify Authority Store on the Server., then use it on your configuration wizard 

    - Are you asking to use the same certificate for all the services on your WFM Farm (Workflow\Service Bus), an that this certificate be a Auto-Generated?

    No, the auto-generated certificates (by this i understand that you are talking about the Certificate generated on the Wizard configuration) would be generated for the Service Bus, Workflow and Outbound Communication, so you will have three different certificates 


    Hope that helps Cheers //Jose

    ==============================

    Please click "Mark As Answer" if this post solves your problem or "Vote As Helpful" if it was useful


    Wednesday, December 14, 2016 1:28 PM
  • Yes, configuring the WFM production farm (with single server) using AutoGenerate certificate option in Config wizard is supported.



    Please mark as helpful if this was helpful. Thanks & Regards, Jose

    • Marked as answer by admin_sps Wednesday, December 14, 2016 5:27 PM
    Wednesday, December 14, 2016 5:24 PM

All replies

  • Hi Sarah, it should be any issues with a wildcard certificate.

    Validate the thumbprint of the certificate that is throwing the error, and then guarantee that the certificate is on the "Trusted Root Certification Authorities" of the Server.

    Hope that helps

    Cheers

    Please mark as helpful if this was helpful.


    Thanks & Regards, Jose

    Tuesday, December 13, 2016 4:38 PM
  • Hi Jose,

    Thanks for the response.

    Can we use Autogenerate certificate in production deployments having single server WFM installations instead of using separate certificate?

    BR, Sarath



    • Edited by admin_sps Wednesday, December 14, 2016 6:07 AM
    Wednesday, December 14, 2016 6:02 AM
  • Hello Sarath, not sure if i understand your question.

    - Are you asking to use the same certificate for all the services on your WFM Farm (Workflow\Service Bus)?

    Yes this is possible, just generate your certificate on your environment, add him to your Trusted Certify Authority Store on the Server., then use it on your configuration wizard 

    - Are you asking to use the same certificate for all the services on your WFM Farm (Workflow\Service Bus), an that this certificate be a Auto-Generated?

    No, the auto-generated certificates (by this i understand that you are talking about the Certificate generated on the Wizard configuration) would be generated for the Service Bus, Workflow and Outbound Communication, so you will have three different certificates 


    Hope that helps Cheers //Jose

    ==============================

    Please click "Mark As Answer" if this post solves your problem or "Vote As Helpful" if it was useful


    Wednesday, December 14, 2016 1:28 PM
  • Hello Jose

    Instead of using a separate single certificate (may be from a CA) and using it in config wizard, configuring the WFM production farm (with single server) using AutoGenerate certificate option in Config wizard is supported?

    Hope this clarifies the question. If not, please let me know

    BR, SArath

    Wednesday, December 14, 2016 3:38 PM
  • Yes, configuring the WFM production farm (with single server) using AutoGenerate certificate option in Config wizard is supported.



    Please mark as helpful if this was helpful. Thanks & Regards, Jose

    • Marked as answer by admin_sps Wednesday, December 14, 2016 5:27 PM
    Wednesday, December 14, 2016 5:24 PM
  • Thanks Jose!! Your responses helps me a lot :)
    Wednesday, December 14, 2016 5:27 PM