Automatic user enrollment failed: The certificate authority is invalid or incorrect

Password Manager
Copy Article URL Copied
On the startup, the enrollment wizard does not start and returns the following error:
"Automatic user enrollment failed: The certificate authority is invalid or incorrect (Error code: 12045)"

This issue occurs when you use a self-signed SSL certificate for the Self-Service portal.
To resolve the issue, either obtain a signed third-party SSL certificate, or deploy the self-signed certificate to root CA (certificate authority) of all problematic workstations. 
To deploy a self-signed certificate

  1. Save certificate to file locally. In order to do this browse to the web-site you have assigned a certificate to, click Agree to continue on a notification screen, in address bar find certificate and open certificate information (see screenshots – View certificates or Certificate information)

User-added image

  1. Go to the Details tab and click Copy to file… button, a wizard opens
  2. Select Cryptographic Message Syntax Standard (PKCS #7) and click Next
  3. Select a Path to save the file and click Next, then Finish.
  4. Copy the file to the machine where Group Policy Manager is installed
  5. Start Group Policy Manager and edit Default Domain Policy
  6. In the Group Policy Object Editor, navigate down to: Computer Configuration – Windows Settings – Security Settings – Public Key Policies – Trusted Root Certification Authorities, right-click and select Import.
  7. In wizard specify the file we have created earlier and click Next,
  8. Leave Certificate Store as default and click Next, then click Finish
  9. Run gpupdate /force or wait until policy applies automatically

User-added image

Also, make sure that the name of the server stored in the certificate matches the name you specified on the Password Manager client setup.

More screenshots here Deploying a Self-Signed Root Certificate with Group Policy

Go Up