Cm error while updating
FIM CM has three accounts that require certificates.
These are the FIM CM Agent account, the FIM CM Enrollment Agent account, and the FIM CM Key Recovery Agent account.
If these certificates expire, they must be renewed.
This document describes how to configure the certificates manually and how to renew these certificates.
It is important to have a lifecycle strategy for the Key Recovery Agent certificates.
Designing a lifecycle strategy is outside the scope of this document.
Consult the vendor or product documentation of the third-party certificate authority for information on how to add the FIM CM Key Recovery Agent's certificate to the Recovery Agents for the certificate authority.
The thumbprint of the FIM CM Agent's certificate must be added to the Policy Module properties of the certificate authority.
The following section assumes the use of a Windows Certificate Authority.
By default, if the FIM CM Configuration Wizard automatically assigns the FIM CM account certificates, the entries in the web.config file are set up automatically. The certificate and the private key must be in the FIM CM Agent’s profile on the FIM CM server, but using a separate key allows the key to be used programmatically to access the encrypted data, without exposing the FIM CM Agent’s private key that is used for signing operations outside of the FIM CM environment.
If this is a brand new install and you selected "Create and configure certificate manually" in the Configuration Wizard, the values in the FIM CM web.config file will be blank. If these entries are left blank, FIM CM defaults to using the FIM CM Agent certificate hash.
If you have already assigned certificates to these accounts or wish to assign certificates manually later, select this option.
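The following PowerShell script is an added example, not part of the original document or of FIM CM. It resolves each certificate hash entry in web.config, applies the blank-entry fallback to the FIM CM Agent certificate hash described above, and checks that the matching certificate and private key are in the current user's store and not near expiry. The page does not list the web.config key names, so the caller passes them in; the `<appSettings>` layout and the 60-day warning window are assumptions.

```powershell
# Added example. Key names and the web.config path are supplied by the caller
# because the page does not list them. Run as the FIM CM Agent account.
param(
    [Parameter(Mandatory)][string]$WebConfigPath,  # path to the FIM CM web.config
    [Parameter(Mandatory)][string]$AgentHashKey,   # entry holding the FIM CM Agent certificate hash
    [string[]]$OtherHashKeys = @(),                # other hash entries that may be blank
    [int]$WarnDays = 60                            # assumed renewal warning window
)

[xml]$config = Get-Content -LiteralPath $WebConfigPath -Raw

function Get-Setting([string]$Key) {
    # Assumes hashes are stored as <appSettings><add key="..." value="..."/> entries.
    $node = $config.configuration.appSettings.add | Where-Object { $_.key -eq $Key }
    # Strip spaces and invisible characters that often come along with a pasted thumbprint.
    if ($node) { ($node.value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant() } else { '' }
}

$agentHash = Get-Setting $AgentHashKey
if (-not $agentHash) { throw "Agent hash entry '$AgentHashKey' is blank or missing." }

$now = Get-Date
$deadline = $now.AddDays($WarnDays)
foreach ($key in @($AgentHashKey) + $OtherHashKeys) {
    $hash = Get-Setting $key
    $fallback = -not $hash
    if ($fallback) { $hash = $agentHash }  # blank entry: the Agent certificate hash is used

    # CurrentUser\My is the profile store of the account running the script.
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $hash }

    if (-not $cert) { $status = 'NotInStore' }
    elseif (-not $cert.HasPrivateKey) { $status = 'NoPrivateKey' }
    elseif ($cert.NotAfter -lt $now) { $status = 'Expired' }
    elseif ($cert.NotAfter -lt $deadline) { $status = 'RenewSoon' }
    else { $status = 'OK' }

    [pscustomobject]@{
        Key = $key; Thumbprint = $hash; UsesAgentFallback = $fallback
        NotAfter = if ($cert) { $cert.NotAfter } else { $null }; Status = $status
    }
}
```

Rows with `UsesAgentFallback` set to true identify entries that rely on the Agent certificate, so renewing that certificate affects them as well.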