
How to import a third party certificate in Equitrac if the Certificate Request has been deleted from the certificate store

Article # 3016249

Applies To

  • Equitrac Express and Equitrac Office versions 5.4 and earlier
  • Equitrac Professional 5

Problem

Administrators may wish to add a trusted certificate using the EQSSLCertificateManager for features such as the user WebTools web page in Equitrac Express or Equitrac Office versions 5.4 and earlier, and Equitrac Professional. (Note: In newer versions of Equitrac Office and Express, the web-based features were migrated to use IIS. Adding certificates to IIS is handled in a different way. Consult the Installation Guide section on the Web Client for more details.)

Normally, when a Certificate Request is generated by EQSSLCertificateManager for submission to a trusted Certificate Authority, the server keeps a "Pending" copy of the Request in the certificate store. When the final certificate is added to the server, it is compared against that copy. If the Pending copy is deleted for some reason before the final certificate is added, the final certificate within the store will not have all the components it needs to function. (It will be missing the private key, for example.)

One way to resolve this issue is to re-create the Certificate Request and re-submit it to the Certificate Authority, making sure that the Certificate Request is not deleted.

Alternative Solution

The certificate can be imported and fixed using the DOS "certutil" command as follows:

  1. Log into the server as the Equitrac service account. For WebTools, this is the server hosting the Scheduler service. For web release, it is the server running the DCE service.
  2. Launch the Command window using the Run As Administrator command.
  3. Type "certutil -addstore equitrac-shared <certificate file>" where '<certificate file>' is the path to and name of the .cer or .crt certificate file. If the path includes spaces, enclose it in quotation marks. Press Return/Enter.
  4. You should see a message that the procedure was successful.
  5. Click the Start button and launch the MMC console by typing "MMC".
  6. Under the File menu, select Add Snap-in and then double-click Certificates.
  7. As you move through the wizard, select Machine account and Local machine.
  8. Once the Certificate item appears on the left, expand it and locate the Equitrac-Shared store. Expand that too.
  9. You should see the certificate you just added. Double-click on it.
  10. Click on the Details tab of the certificate dialog.
  11. Scroll down until you find the Thumbprint item and click on it.
  12. Copy the value that appears in the lower area of the dialog.
  13. Paste the value into Notepad. Starting at the end, carefully select all the values to the first character. (This is to avoid copying invalid string values that may be attached to the start of the text.) Copy.
  14. Return to the Command window.
  15. Type "certutil -repairstore equitrac-shared <thumbprint>" where '<thumbprint>' is the pasted copy of the value from step 13. Make sure there are no invalid characters at the beginning of the string. Press Enter/Return.
  16. You should see a message that the procedure was successful.
  17. Restart the Equitrac service(s): Scheduler for WebTools, DCE for web release.
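
The command-line part of the procedure (steps 3, 13 and 15) can also be scripted. The PowerShell below is an added example, not part of the original Kofax article: it strips stray characters from the pasted thumbprint, runs the two certutil commands from the steps above, and then confirms that the certificate in the equitrac-shared store reports a private key. The certificate path and thumbprint are constructed placeholders, and the helper name ConvertTo-CleanThumbprint is hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on the Equitrac server.
$Store    = 'equitrac-shared'              # store name used in the steps above
$CertFile = 'C:\Temp\example-server.cer'   # hypothetical path; replace with your file
# Constructed sample of a value pasted from the Thumbprint field, including an
# invisible leading character (U+200E) of the kind step 13 warns about.
$Pasted   = "$([char]0x200E)00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Text)
    # Keep hex digits only: drops spaces and any invisible characters.
    $hex = ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    # The Thumbprint field is a SHA-1 hash: 20 bytes, 40 hex digits.
    if ($hex.Length -ne 40) {
        throw "Expected 40 hex digits, got $($hex.Length). Re-copy the thumbprint."
    }
    $hex
}

$thumb = ConvertTo-CleanThumbprint -Text $Pasted

# Step 3: add the CA-issued certificate to the machine store.
certutil -addstore $Store $CertFile
if ($LASTEXITCODE -ne 0) { throw "certutil -addstore failed (exit $LASTEXITCODE)." }

# Step 15: re-associate the certificate with its private key.
certutil -repairstore $Store $thumb
if ($LASTEXITCODE -ne 0) { throw "certutil -repairstore failed (exit $LASTEXITCODE)." }

# Check the result instead of relying on the success message alone.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\$Store" |
    Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { throw "Certificate $thumb not found in $Store." }
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumb still has no private key; re-create the Certificate Request."
}
"Certificate $thumb in $Store has a private key. Restart the Equitrac service(s)."
```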