Receiving an error "A certificate chain could not be built to a trusted root authority" when attempting to install APNS certificate in IIS

book

Article ID: 156246

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

When you attempt to install .pem APNS certificate provided by Apple into IIS, you receive error "A certificate chain could not be built to a trusted root authority".

"A certificate chain could not be built to a trusted root authority"

 

Cause

Missing Apple intermediate and CA certificates. Download them as following:

http://www.apple.com/certificateauthority/AppleAAI... Import it under Personal folder.

http://www.apple.com/appleca/AppleIncRootCertifica... Import it under trusted root certificates.

Resolution

  1. On MMS server, download and save the Apple Inc. Root Certificate and the Apple Integration Certificate from the Apples Certificate Authority website to a local drive
  2. Select Start > Run
  3. Type MMC and press Enter
  4. Select File > Add/Remove Snap-in
  5. Ensure Certificates is highlighted in the left list and click Add and ok
  6. In the wizard, select Computer account and click next
  7. Select Local computer and click Finish, then click ok
  8. In the left frame, expand Certificates (Local Computer), expand Trusted Root Certification Authorities, and select Certificates
  9. Right click in the main window's whitespace and select All Tasks > Import...
  10. Proceed through the wizard, selecting the .pem (.cer) file(s) downloaded from Apple in step 1, then selecting Next.
  11. In the next window, ensure Place all certificates in the following store has Trusted Root Certification Authorities selected.
  12. Finish the wizard and repeat steps 9 to 11 for the additional Apple certificate from the Apple site.
  13. Return to IIS manager and attempt to complete the certificate signing request and the error should no longer occur.

Applies To

Mobile Management Solution 7.1

 

Attachments