[Bug]: Error on Windows CRYPT_E_NO_REVOCATION_CHECK root_ca not in cert store #2150
Comments
|
Have you checked the system certificate store as well as the user certificate store? I assume the error is shown when a curl request is made towards |
|
Found it at the user certificate store, the computer cert store is empty. I don't know what a system cert store is. Yeah, the curl fails, not the installation itself. It works on our Debian VM's. How do I tell curl to use the cert store? I tried the bootstrap with and without admin permissions. No difference. Also curl with We don't have a CRL set up, we only use step-ca internally for our dev-nodes. Is that required? I thought it's just for security for active revocation if the intermediate gets compromised. |
|
Adding the root ca to both trusted stores also does not work, even after restart, with and without admin permssions. |
|
It sounds like the root certificate was installed correctly, so that part is down. The Then onto the Apache server: is that also running on Windows, and under the same user? |
Steps to Reproduce
I ran the bootstrap command with
--installon a Windows 10 and 11 but cannot find the trusted certificate in the trusted computer store nor does a curl command respond without an error. This results in Apache not being able to call /directory to our step-ca server. The command itself reports the installation succeeded.Your Environment
Windows 10 Pro 22H2
Windows 11 Pro 24H2
Smallstep CLI/0.28.2 (windows/amd64)
Release Date: 2024-11-20T19:14:16Z
Expected Behavior
.
Actual Behavior
Additional Context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered: