Background

As of October 9th 2020, the root certificate of Imagevault4 Core instances will expire and in worst case that may cause dependent livesites to stop working.

However, the fix for this problem is easy, you only need to download a renewed root certificate and install it on the Core-server and UI-server, that's all!


Note: If you have multiple front-ends or load-balanced core, you must install the certificate on ALL machines hosting core or UI.

Installation

First, download the renewed certificate from here and save it on the Core-server and UI-server.
Doubleclick the certificate-file, ImageVaultDefaultRootCA.pfx, and follow the guide that follows:


Select Local Machine as store location and click Next.



Make sure the correct file is referenced and click Next.



The certificate is password protected, please enter the password (iv) and click Next.



Make sure the certificate is stored inte Trusted root store and click Next.



Verify the given parameters and click Finish. Done!

Repeat these steps on the Ui-Server if necessary.


After the installation of the renewed certificate is done, your application certificate for ImageVault Core will be automatically redirected to the renewed root certificate and will be fully functional until September 18th 2022.


-----


Adding an example stack trace to make the article easier to find:

Exception:
 
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 12.10.2020 15:32:19
Event time (UTC): 12.10.2020 12:32:19
Event ID: 0c86a45693bb463fb9772725980fe92a
Event sequence: 15
Event occurrence: 1
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/2/ROOT/ImageVault-1-132469790303194781
    Trust level: Full
    Application Virtual Path: /ImageVault
    Application Path: c:\ImageVault\Ui\mycompany\
    Machine name: MYCOMPANYMACHINE
 
Process information:
    Process ID: 72396
    Process name: w3wp.exe
    Account name: IIS APPPOOL\ImageVaultUiMycompanyAppPool
 
Exception information:
    Exception type: SecurityTokenValidationException
    Exception message: The X.509 certificate CN=ImageVault.Idp, O=Meridium, OU=Dev, L=Kalmar, C=SE is not in the trusted people store. The X.509 certificate CN=ImageVault.Idp, O=Meridium, OU=Dev, L=Kalmar, C=SE chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
   at System.IdentityModel.Selectors.X509CertificateValidator.PeerOrChainTrustValidator.Validate(X509Certificate2 certificate)
   at Microsoft.IdentityModel.X509CertificateValidatorEx.Validate(X509Certificate2 certificate)
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
 
 
Request information:
    Request URL: http://www.mycompany.com:351/ImageVault/
    Request path: /ImageVault/
    User host address: 127.1.1.1
    User: 
    Is authenticated: False
    Authentication Type: 
    Thread account name: IIS APPPOOL\ImageVaultUiMycompanyAppPool
 
Thread information:
    Thread ID: 7
    Thread account name: IIS APPPOOL\ImageVaultUiMycompanyAppPool
    Is impersonating: False
    Stack trace:    at System.IdentityModel.Selectors.X509CertificateValidator.PeerOrChainTrustValidator.Validate(X509Certificate2 certificate)
   at Microsoft.IdentityModel.X509CertificateValidatorEx.Validate(X509Certificate2 certificate)
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)