Windows – Importing certificates on Windows 2008 – “The integrity of this certificate cannot be guaranteed…”

Tags: certificate, windows

I need to set up secured communications between two windows machines. I have generated a set of certificates for this purpose and saved them as .x509 files.

If I set about installing those on another machine, I get the "The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered." warning. I understand that this means it cannot verify certificates up the chain, but I don't know what I need to do to authorise them. Previously I have been able to do this by viewing the root certificate from the imported certificate in the certificate manager, exporting it as a .cer file and then re-importing that file to the "Trusted Root Certification Authorities" store, but that doesn't seem to work here, and if I am honest I am basically doing that as a voodoo process - I don't understand what its purpose is, and given that I want to be able to automate the whole thing through PowerShell I think I need to deepen my comprehension here. Unless someone has a convenient scriptlet that has this covered, of course. That would be excellent.

What I really want to do is to have a set of files representing my current certificate chain that can be imported as part of an installation process, with whatever administrator interaction is required, and will install a working chain that I can then use from my application to set up a secure pipe between two machines.

I am installing the actual certificates I plan to use to LocalMachine\My.

Best Answer

Trusted Root Certificates are self-signed certificates. So verifying the certificate should not give an error unless your Windows machine does not understand the algorithms used for creating/signing the certificate.

One such case is Windows Server 2003 and the SHA-2 family of algorithms. Windows Server 2003 does not understand the SHA-2 family of algorithms. I faced this issue recently and the fix was to install a hotfix on the machine which fixes this issue - this is the link for the hotfix.
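The scripted version of the procedure the question describes (root into Trusted Root, intermediate into Intermediate CAs, leaf into LocalMachine\My) plus the chain check that surfaces the answer's point about self-signed roots and unsupported algorithms, as an added example that is not from the original question or answer. It uses the .NET X509 classes rather than the newer Import-Certificate cmdlet so it runs on PowerShell 2.0 on Windows Server 2008; the file paths under C:\certs are assumptions.

```powershell
# Added example, not from the original post. Assumed input files:
#   C:\certs\root.cer, C:\certs\intermediate.cer (DER/PEM), C:\certs\server.pfx (with private key)
$ErrorActionPreference = 'Stop'
$ns = 'System.Security.Cryptography.X509Certificates'

function Import-CertToStore {
    param([string]$Path, [string]$StoreName, [System.Security.SecureString]$Password)
    if ($Password) {
        # MachineKeySet + PersistKeySet: the private key lands in the machine store and survives reboot
        $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'
        $cert = New-Object "$ns.X509Certificate2" ($Path, $Password, $flags)
    } else {
        $cert = New-Object "$ns.X509Certificate2" ($Path)
    }
    $store = New-Object "$ns.X509Store" ($StoreName, 'LocalMachine')
    $store.Open('ReadWrite')          # needs an elevated (administrator) session
    $store.Add($cert)
    $store.Close()
    return $cert
}

# A root CA certificate is self-signed, so Subject and Issuer match. Refuse to trust anything else as a root.
$root = New-Object "$ns.X509Certificate2" ('C:\certs\root.cer')
if ($root.Subject -ne $root.Issuer) {
    throw "root.cer is issued by '$($root.Issuer)'; it is not a root and must not go into Trusted Root"
}

Import-CertToStore -Path 'C:\certs\root.cer'         -StoreName 'Root'   # Trusted Root Certification Authorities
Import-CertToStore -Path 'C:\certs\intermediate.cer' -StoreName 'CA'     # Intermediate Certification Authorities
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$leaf = Import-CertToStore -Path 'C:\certs\server.pfx' -StoreName 'My' -Password $pfxPassword

# Build the chain the same way Windows does when the application picks up the certificate.
# A failing element is reported with its status, e.g. NotSignatureValid when the OS cannot
# verify the signature algorithm, or UntrustedRoot when the root is missing from the Root store.
$chain = New-Object "$ns.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # no CRL/OCSP reachability needed for an install-time check
if (-not $chain.Build($leaf)) {
    foreach ($s in $chain.ChainStatus) { Write-Warning ('{0}: {1}' -f $s.Status, $s.StatusInformation.Trim()) }
    throw 'Certificate chain does not verify on this machine'
}
foreach ($el in $chain.ChainElements) { Write-Output ("OK  " + $el.Certificate.Subject) }
```

Run it from an elevated PowerShell session; the chain output lists leaf, intermediate and root in order when the install succeeded.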