Failure while getting Encoded public key for CommServer

Article ID: SEC0001 CommServe host connections fail because CommServe root CA certificate is not present or issued by an unknown or invalid certificate authority

Symptom

Error most likely occurs after updating CommServe software.

Java Console and qlogin connection attempts fails with error "Failure while getting Encoded public key for CommServer".

EvMgrS log shows "verify trust for file - D:\Progam Files\Commvault\Simpana\Base\cvsecurityn.dll failed - reason: an internal certificate has failed".

Windows Event log shows Windows Error 12045 (ERROR_INTERNET_INVALID_CA) 

 

Cause

CommVault uses Entrust as its Certification Authority (CA). Entrust is in Microsoft's root certification program. Windows update system automatically downloads and installs root certificates of all CA's that are in the root certification program. This is on by default.

Failure to download and install root certificates can occur when user turns off root certificate update option in the Local Group Policy's Computer Configuration settings.

 

Resolution

Turn on Automatic Root Certificates Update for Local Group Policy on the CommServe Host.

On the CommServe host desktop

  1. Click Start, and then click Run.
  2. Type gpedit.msc. Click OK.

If the User Account Control dialog box appears, confirm that the action it displays is what you want, and click Continue.

  1. Expand Computer Configuration | Administrative Templates |System | Internet Communication Management | Internet Communication settings.
  2. Double-click Turn off Automatic Root Certificates Update to open settings dialog box.

The policy setting should be Not Configured or Disabled. If you enable this setting and you are presented with a certificate issued by an untrusted root authority, your computer will not contact the Windows Update web site to see if Microsoft has added the CA to its list of trusted authorities.

For more info on Windows Error 12045 see http://support.microsoft.com/kb/182888

For more info on downloading and installing Entrust Certificate Authority see http://www.entrust.net/knowledge-base/technote.cfm?tn=8140

For more info on CommVault's use of root certificates see http://documentation.commvault.com/commvault/v10/article?p=products/content_index/security.htm