Last updated 29/08/2024
Background
As of September 18th 2024, the root certificate of Imagevault4 Core instances will expire and in worst case that may cause dependent livesites to stop working.
However, the fix for this problem is easy, you only need to download a renewed root certificate and install it on the Core-server and UI-server, that's all!
Note: If you have multiple front-ends or load-balanced core, you must install the certificate on ALL machines hosting core or UI.
Installation
First, download the renewed certificate from here and save it on the Core-server and UI-server.
Doubleclick the certificate-file, ImageVaultDefaultRootCA.pfx, and follow the guide that follows:
Select Local Machine as store location and click Next.
Make sure the correct file is referenced and click Next.
The certificate is password protected, please enter the password (iv) and click Next.
Make sure the certificate is stored inte Trusted root store and click Next.
Verify the given parameters and click Finish. Done!
Repeat these steps on the Ui-Server if necessary.
After the installation of the renewed certificate is done, your application certificate for ImageVault Core will be automatically redirected to the renewed root certificate and will be fully functional until September 18th 2024.
-----
Adding an example stack trace to make the article easier to find:
Exception:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 12.10.2020 15:32:19
Event time (UTC): 12.10.2020 12:32:19
Event ID: 0c86a45693bb463fb9772725980fe92a
Event sequence: 15
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/2/ROOT/ImageVault-1-132469790303194781
Trust level: Full
Application Virtual Path: /ImageVault
Application Path: c:\ImageVault\Ui\mycompany\
Machine name: MYCOMPANYMACHINE
Process information:
Process ID: 72396
Process name: w3wp.exe
Account name: IIS APPPOOL\ImageVaultUiMycompanyAppPool
Exception information:
Exception type: SecurityTokenValidationException
Exception message: The X.509 certificate CN=ImageVault.Idp, O=Meridium, OU=Dev, L=Kalmar, C=SE is not in the trusted people store. The X.509 certificate CN=ImageVault.Idp, O=Meridium, OU=Dev, L=Kalmar, C=SE chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
at System.IdentityModel.Selectors.X509CertificateValidator.PeerOrChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.X509CertificateValidatorEx.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
Request information:
Request path: /ImageVault/
User:
Is authenticated: False
Authentication Type:
Thread account name: IIS APPPOOL\ImageVaultUiMycompanyAppPool
Thread information:
Thread ID: 7
Thread account name: IIS APPPOOL\ImageVaultUiMycompanyAppPool
Is impersonating: False
Stack trace: at System.IdentityModel.Selectors.X509CertificateValidator.PeerOrChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.X509CertificateValidatorEx.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
