-
Título
Error: "Certificate was not found" for the Application Server -
Descripción
After updating the certificate on the Application Server, the following error occurs:
"Server Error in AppServer Application"
"Certificate was not found"
"An unhandled exception occurred during the exception of the current web request. Please review the stack trace for more information about the error and where it originated in the code" -
Causa
This can occur if the old certificate was deleted, and the web.config has not been updated with the thumbprint of the new certificate. Please note for Identity Manager version 9.3.0 and above the tokencertificatethumbprint section has been moved to the appsettings.json file in the same directory.
-
Resolución
On the web server, get the new Certificate thumbprint:
1. Open an MMC console: Start | Run | "MMC":
2. Add the Certificates Snap-in:
- File | Add/Remove Snap-in
- Select "Certificates" and "Add"
- Ensure "Computer Account" is selected for the local computer
3. View the new Certificate:
- Expand "Certificates (Local Computer)" | "Personal" | "Certificates"
- Right-click on the new certificate and select "Open"
- Ensure the "Valid From" has the correct date range (and this is not the old certificate).
4. Document the Certificate Thumbprint:
- Select the "Details" tab
- Ensure "Show " is selected
- Scroll down to "Thumbprint"
- Copy the thumbprint and paste into a text editor
5. Format the thumbprint:
- In a text editor, remove any spaces
- Ensure to remove the hidden space at the beginning of the thumbprint (This is important, while not visible, there is a hidden space!)
While still on the Web Server, edit the Web.Config of the Application Server (Please note for Identity Manager version 9.3.0 and above the tokencertificatethumbprint section has been moved to the appsettings.json file in the same directory):
1. Browse to the folder for the App Server. By Default this is "C:\inetpub\wwwroot\AppServer"
2. Backup the current web.config file to a safe location to use if needed.
3. Edit the Web.Config file with a text editor, and update the thumbprint:
- In the Web.Config, look for the line: add key="tokencertificatethumbprint" value=""
- Update this line with the new thumbprint edited earlier: add key="tokencertificatethumbprint" value="afd28ff6044d590c5dc0f13d3136ff4a81681403"
- Save the updated Web.Config
4. Run an IISRESET:
- Open a Command Prompt as Administrator
- Run the command "iisreset"
5. Browse to the App Server page to test. The page should now load correctly. -
Información adicional
NOTE: Under certain situations the error "Keyset does not exist" may be displayed after running the above steps. This is a separate IIS issue, and is not related to the above. This second error is usually because the account running the AppServer AppPool does NOT have permissions to the certificate. In the MMC, right click on the certificate, tasks, manage private keys. Make sure the Service Account for the AppPool has permissions.