CES can't find certificate
I'm setting up a configuration where the Sitecore instance is hosted on one server and CES on another. Right now my diagnostics page is all green, indexes seem to be rebuilding properly on the CES server (there is activity on the CES console on the CES server when I rebuild indexes in Sitecore) and there are no error messages on my Sitecore server. However, every search returns 0 results. When I go to check out the index on the CES server, I go to the CES admin, content tab, Index browser tab, and at the bottom there is the error "The certificate file does not exist: C:\CES7\Config\Certificates\cert-iis.p12". The file at that path definitely does exist, and I'm also confused because I had to copy it to my Sitecore server and point my config files at that, so I'm not sure why it is checking in that location. Have I missed a config change somewhere? Could the problem be with that certificate file itself?
The issue here was that the Coveo server could not connect to the Sitecore instance because it was defined locally on the Sitecore server. I had to add a new IIS binding for my site and then add that port number into the site root definition in my Coveo config to get results to show up.
The certificate should exist on both servers.
On the CES server, it should be in
On the Sitecore server, it should be at the location specified in the
Is it possible that you accidentally moved the certificate from one server to another instead of copying it?
If the certificate exists on the CES server at the right location, you may check that the CES Administration Tool application pool user has rights to access the certificate.
We think your current issue is linked to the permissions that the Network Service identity has. More precisely, we think that this particular user doesn't have the rights to access your certificate.
The next step is to explicitly grant the permission to that user:
- Go to [INDEX PATH]\Config\Certificates,
- right click on cert-iis.p12,
- select Properties, Security Tab, Edit
- in security, add and user called Network Service
- set the Permissions to Read & Execute and Read