Forum Discussion

Hamish
Sep 25, 2012

Machine Cert Checks

Not being a Windows person, sadly I'm presented with an opportunity to add machine cert checks onto my APM installation... The APM config should be easy... The policy splits on a Windows OS, and then runs through a machine cert check... Looking for a cert in the 'My' or 'Personal' repository (I've tried both).

The bad thing is that although the admin can show me the cert in his console utility (it appears under Certificates (Local Computer) -> Personal -> Certificates), the machine cert check ALWAYS returns -2. No cert found.

I've discounted the non-admin user not being able to read the private key (they can't, but it should still hit the 'Found' path). And I've tried both the default MY and the Personal as the Repository... Perhaps it maps to a different name? Personal/Certificates (tried that)... Something else?

H

2 Replies

  • H,

    In my experience with this there are three results of the machine certificate checker... 0 = Not Found, 1 = Found and Verified, 2 = Found but not Verified private key. The Cert Store will be "MY" and location will be "LocalMachine". You also need to make sure you have the CA Certificate imported into APM.

    Are you getting a "-2" as a response?

    Seth
  • Hamish
    The logs say -2... And the session variable session.windows_check_machinecert.last.result==-2.

    TBH it would be easier to work out what's happening if the log messages were in order (it seems to log strangely, e.g. SECURID module logs before you get a message saying it's following the 'fallback' rule from Login page to 'RSA SecurID')... But I certainly get a message saying it's following the rule 'fallback' from item 'machine cert check' to terminal 'nocert' (nocert is a custom name for the fallback from the machine cert check).

    H
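A Windows-side check for the store and location named in Seth's reply ("MY" under "LocalMachine"), as an added example that is not part of the original thread: it lists each certificate in that store with its issuer, expiry, private-key flag and whether a chain builds locally, then repeats the query against the per-user store in case the certificate was installed there instead. The function name `Test-MachineCertStore` and the issuer string are assumptions; replace the placeholder with the subject of the CA certificate imported into APM.

```powershell
# Placeholder, not a value from the thread: subject of the CA imported into APM.
$ExpectedIssuer = 'CN=Example Issuing CA'

function Test-MachineCertStore {
    param(
        # "MY" store in the "LocalMachine" location, as named in the reply above
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [string]$Issuer    = $ExpectedIssuer
    )

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert  = $_
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Skip revocation lookups so the check also works on an offline client
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chainBuilds = $chain.Build($cert)

        [pscustomobject]@{
            Store         = $StorePath
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            IssuerMatch   = ($cert.Issuer -like "*$Issuer*")
            NotAfter      = $cert.NotAfter
            Expired       = ($cert.NotAfter -lt (Get-Date))
            # True only means a private key is associated with the certificate;
            # it does not show that the current user is allowed to read it.
            HasPrivateKey = $cert.HasPrivateKey
            ChainBuilds   = $chainBuilds
            Thumbprint    = $cert.Thumbprint
        }
    }
}

# Machine store first, then the per-user store for comparison.
Test-MachineCertStore | Format-List
Test-MachineCertStore -StorePath 'Cert:\CurrentUser\My' | Format-List
```

Run it once as the administrator and once as the non-admin user who will log in through APM, and compare the two outputs.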