Certificate security violation: The certificate was issued by an untrusted or unrecognized root certificate.

book

Article ID: 6825

calendar_today

Updated On:

Products

CA Automation Suite for Data Centers - Configuration Automation CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Remote Control CA Client Automation - Asset Intelligence CA Client Automation - Desktop Migration Manager CA Client Automation - Patch Manager

Issue/Introduction

The following error is seen in the System Event Viewer log on machines running ITCM version older than 14.0 SP1.

Certificate security violation: The certificate was issued by an untrusted or unrecognized root certificate. 

Environment

CA Client Automation Version - 14.0 SP1, 14.0 SP2

Resolution

This is an expected behaviour between ITCM 14.0 SP1/SP2 and legacy (pre 14.0 SP1) ITCM machines.

In ITCM 14.0 SP1 (14.0.1000.194), the support for SHA2 certificates was introduced. 

ITCM 14.0 SP1 uses the SHA2 certificate by default to establish sessions. Since, SHA2 certificates are not available on pre 14.0 SP1 Scalability Servers/Agents, they can not verify the authenticity of the received message. Therefore, they throw up the error: "The received message was certified by a certificate which is signed by untrusted root". The same error is recorded in the system event logs.

After this failure, the 14.0 SP1 machine uses SHA1 certificate to set up a session with pre 14.0 SP1 machines.