I am using the Beta Hub as I need to place the same cert on multiple web servers. The new feature External Certificate Subscription is exactly what I need. I have attempted to set this up; however, I receive the error “External certificate update could not be validated as deployable PFX data.”
I gave the cert consumer role to the remote host and just to validate have given every role to the hub and the remote server. Same error. Debug doesnt add to the log.
Thanks for trying that feature out, do you current have a working cert on the hub that you are trying to subscribe to?
I can confirm that you only need to assign the cert consumer role to the instance that’s pull the cert from the hub.
Is there a password set on the PFX? If so that’s won’t (currently) work as the certificate consumer doesn’t know the password.
Thank you!! That was the issue, the password on the PFX. Removing the password allowed the remote system to get the specified cert and deploy it.
Sorry to revive an old topic, but this might be my issue. will there be a way to add a pfx password to the subscription process? If i take off the pfx password, does that mean i have to re-pull the certificate?
If you remove the PFX password you then need to re-request it on the hub to rebuild the PFX, then run Request Certificate on the subscribing instance to refresh the subscribed cert.
We are not currently planning a method to set the PFX password for subscribed certs, we will likely add that in the future but we are largely freezing features now for release stability,