Gravatar for

Question by jkearns, Oct 31, 2014 3:09 PM

CES can't find certificate

I'm setting up a configuration where the Sitecore instance is hosted on one server and CES on another. Right now my diagnostics page is all green, indexes seem to be rebuilding properly on the CES server (there is activity on the CES console on the CES server when I rebuild indexes in Sitecore) and there are no error messages on my Sitecore server. However, every search returns 0 results. When I go to check out the index on the CES server, I go to the CES admin, content tab, Index browser tab, and at the bottom there is the error "The certificate file does not exist: C:\CES7\Config\Certificates\cert-iis.p12". The file at that path definitely does exist, and I'm also confused because I had to copy it to my Sitecore server and point my config files at that, so I'm not sure why it is checking in that location. Have I missed a config change somewhere? Could the problem be with that certificate file itself?

3 Replies
Gravatar for

Answer by jkearns, Nov 21, 2014 5:31 PM

The issue here was that the Coveo server could not connect to the Sitecore instance because it was defined locally on the Sitecore server. I had to add a new IIS binding for my site and then add that port number into the site root definition in my Coveo config to get results to show up.

Gravatar for

Answer by Jean-François L'Heureux, Oct 31, 2014 3:48 PM

The certificate should exist on both servers.

On the CES server, it should be in C:\[Index folder]\Config\Certificates\cert-iis.p12.

On the Sitecore server, it should be at the location specified in the Coveo.SearchProvider.config file.

Is it possible that you accidentally moved the certificate from one server to another instead of copying it?

If the certificate exists on the CES server at the right location, you may check that the CES Administration Tool application pool user has rights to access the certificate.

Gravatar for

Comment by jkearns, Oct 31, 2014 4:03 PM

The certificate is on both servers, it's in the location specified and I'm quite certain that they are identical. I appreciate the suggestion.

Gravatar for

Comment by Jean-François L'Heureux, Oct 31, 2014 4:32 PM

Can you validate that the certificate in the CES index folder has the right file extension? That it doesn't have 2 extensions like ".p12.somethingElse". It is supposed to be a ".p12" file with the "Personal Information Exchange" type in your file explorer.

Gravatar for

Comment by jkearns, Oct 31, 2014 4:37 PM

It is a .p12. Could there be a problem with the actual contents of the file? Is there an easy way to check?

Gravatar for

Comment by Vincent Séguin, Nov 1, 2014 10:10 AM


That is possible. What you could try is take a backup of your certificates, then shutdown CES and try to delete the content of the certificates folder. Restart CES and let it recreate them for you, see if it solves the problem (don't forget to copy the new certificate to your Sitecore server as well).

Gravatar for

Comment by jkearns, Nov 4, 2014 2:37 PM

Vincent, I gave that a try and I'm still having the same error. This might be a shot in the dark, but I was reviewing the guide on setting up a remote search provider and I am wondering if the issue might be related to the sitecore instance URL I specified in my Coveo.SearchProvider.config. Right now I am just running a local site on the sitecore server, so it seems to me that the CES server might not be able to find the site at that URL. Is that situation possible, and how can I troubleshoot it? If that is the issue, would it produce an error that looks like this?

Gravatar for

Comment by Vincent Séguin, Nov 4, 2014 2:43 PM

It would be a different error if it was related to the server url. I suggest that you open a support ticket and we could quickly take a look at your setup to make it work.

Gravatar for

Answer by fcote, Nov 12, 2014 3:59 PM

We think your current issue is linked to the permissions that the Network Service identity has. More precisely, we think that this particular user doesn't have the rights to access your certificate.

The next step is to explicitly grant the permission to that user:

  • Go to [INDEX PATH]\Config\Certificates,
  • right click on cert-iis.p12,
  • select Properties, Security Tab, Edit
  • in security, add and user called Network Service
  • set the Permissions to Read & Execute and Read
Ask a question