Signing certificate not found – Identity Server

Signing certificate not found: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

The reason behind this one worries me a bit. Our sys-admin was cleaning out some old expired keys. When he did, we got this error.

The way that we resolved it was:

1. Go into the database for IdentityServer
2. Find the table named KeyMaterialConfiguration
3. Set the SigningCertificatename to NULL
4. Go to the web page for your IdentityServer. It will now ask you to pick a certificate.
5. Everything works again.
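The manual fix above works because IdentityServer looks up its signing certificate by the subject name stored in that table; once the certificate is gone from the machine store, the lookup fails. A pre-flight check that compares the configured name against what is actually installed catches the problem before a cleanup (or confirms it afterwards). The following PowerShell script is an added example and is not code from the original post or from IdentityServer itself. It assumes the Thinktecture IdentityServer v2 layout described on this page: a `KeyMaterialConfiguration` table whose `SigningCertificateName` column holds the certificate's subject distinguished name, and a certificate loaded from the `LocalMachine\My` store. The connection string and the `Get-SafeToRemoveCertificates` helper are assumptions for illustration.

```powershell
# Added example (not from the original post): verify that the signing certificate
# IdentityServer is configured to use still exists before (or after) cleaning out
# old certificates from the machine store.
# Assumptions: Thinktecture IdentityServer v2 schema (dbo.KeyMaterialConfiguration.SigningCertificateName
# holds the subject DN) and certificates stored in Cert:\LocalMachine\My.
param(
    # Placeholder connection string; replace with the real IdentityServer configuration database.
    [string]$ConnectionString = "Server=.;Database=IdentityServerConfiguration;Integrated Security=True"
)

function Get-ConfiguredSigningCertificateName {
    param([string]$ConnectionString)
    $conn = New-Object System.Data.SqlClient.SqlConnection $ConnectionString
    $cmd  = $conn.CreateCommand()
    $cmd.CommandText = "SELECT TOP 1 SigningCertificateName FROM KeyMaterialConfiguration"
    try {
        $conn.Open()
        $value = $cmd.ExecuteScalar()
        # NULL here is the state the manual fix puts the table into: no certificate selected.
        if ($null -eq $value -or $value -is [DBNull]) { return $null }
        return [string]$value
    } finally {
        $conn.Dispose()
    }
}

function Find-SigningCertificate {
    param([string]$SubjectName)
    # IdentityServer matches on the full subject distinguished name, so compare the
    # whole string rather than just the CN prefix.
    Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $SubjectName }
}

function Get-SafeToRemoveCertificates {
    # Hypothetical helper: expired certificates in the store that are NOT the one
    # IdentityServer is configured to sign with. Only these are candidates for cleanup.
    param([string]$ConfiguredSubject)
    $now = Get-Date
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.NotAfter -lt $now -and $_.Subject -ne $ConfiguredSubject }
}

$configured = Get-ConfiguredSigningCertificateName -ConnectionString $ConnectionString

if (-not $configured) {
    Write-Warning "No signing certificate is configured; the next visitor to the admin page will be asked to pick one."
    return
}

$cert = Find-SigningCertificate -SubjectName $configured
if (-not $cert) {
    # This is the condition behind 'Signing certificate not found: <subject>'.
    Write-Error "Configured signing certificate is not installed in LocalMachine\My: $configured"
    return
}

Write-Output ("Configured signing certificate present: thumbprint {0}, expires {1:u}, private key: {2}" -f
    $cert.Thumbprint, $cert.NotAfter, $cert.HasPrivateKey)

if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "The configured signing certificate has expired; rotate it before removing it from the store."
}
if (-not $cert.HasPrivateKey) {
    Write-Warning "The configured signing certificate has no private key; token signing will fail."
}

# Report what a cleanup could remove without breaking IdentityServer.
Get-SafeToRemoveCertificates -ConfiguredSubject $configured |
    Select-Object Subject, Thumbprint, NotAfter |
    Format-Table -AutoSize
```

Run it on the IdentityServer host under an account that can read the configuration database. The design choice worth noting is that the check matches on the full subject DN, exactly as the error message reports it, and lists expired certificates only after excluding the configured one, so the sysadmin's cleanup step has a list that cannot include the key the service depends on.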

This solution makes my skin crawl. I don’t like the idea of allowing [the very next person who gets to this server] to choose an encryption key.

I also wonder if this could be resolved by refreshing the app pool.

If there is not a simple way of fixing this (by reboot, etc.), then I’m going to work on a coding tweak that will detect this error and change the database to simply choose another (arbitrary) key from the list and add a warning message at the bottom of the screen.


About Tim Golisch

I'm a geek. I do geeky things.
This entry was posted in Errors, Lessons Learned.
