AD FS 2.0 证书问题
AD FS 2.0 certificate issue
我有一个 window 2008 R2 服务器,并安装了 AD 和 ADFS 2.0。
配置 ADFS 后,然后与其他系统集成。
我在集成时遇到了问题。从 windows 事件日志中找到以下错误消息。
An error occurred during an attempt to build the certificate chain for the relying party trust 'http://carlos-carlosad-ca.com/adfs/services/trust' certificate identified by thumbprint 'BD188AC26E0BDDC167D1A224493AB206515243F4'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's encryption certificate revocation settings or certificate is not within its validity period.
You can use Windows PowerShell commands for AD FS 2.0 to configure the revocation settings for the relying party encryption certificate.
Relying party trust's encryption certificate revocation settings: None
The following errors occurred while building the certificate chain:
MSIS2013: A required certificate is not within its validity period when verifying against the current system clock.
User Action:
Ensure that the relying party trust's encryption certificate is valid and has not been revoked.
Ensure that AD FS 2.0 can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting.
Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS 2.0 Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
我已经导出 "Token-Signing",并将其导入我的集成系统。
不是编程问题。并且文本中明确指出签名证书已过期。让他们 "the others" 在那里放一个有效的证书。这就是 ADFS 的要求。
我有一个 window 2008 R2 服务器,并安装了 AD 和 ADFS 2.0。 配置 ADFS 后,然后与其他系统集成。 我在集成时遇到了问题。从 windows 事件日志中找到以下错误消息。
An error occurred during an attempt to build the certificate chain for the relying party trust 'http://carlos-carlosad-ca.com/adfs/services/trust' certificate identified by thumbprint 'BD188AC26E0BDDC167D1A224493AB206515243F4'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's encryption certificate revocation settings or certificate is not within its validity period. You can use Windows PowerShell commands for AD FS 2.0 to configure the revocation settings for the relying party encryption certificate. Relying party trust's encryption certificate revocation settings: None The following errors occurred while building the certificate chain:
MSIS2013: A required certificate is not within its validity period when verifying against the current system clock. User Action: Ensure that the relying party trust's encryption certificate is valid and has not been revoked. Ensure that AD FS 2.0 can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS 2.0 Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
我已经导出 "Token-Signing",并将其导入我的集成系统。
不是编程问题。并且文本中明确指出签名证书已过期。让他们 "the others" 在那里放一个有效的证书。这就是 ADFS 的要求。