Date Posted:
Product: TIBCO Spotfire®
Product: TIBCO Spotfire®
Problem:
Private Key on node must be accessible to delegated users to be able to use TERR Service
Solution:
In an environment with kerberos delegation to the Spotfire Web Player you might end up in a situation where access to other Spotfire components fails due to:
WinHttp request failed with code (12186): ClientCertificateNoAccessPrivateKey
This line is logged on DEBUG so it's not always clear that this is the reason in the following ERROR message.
One of the situations this can happen is when you try to access the TERRservice, if the TERRservcie URL in question has not been successfully accessed recently (by a user having access to the certificate private key).
- Grant read access to the certificate private key for the group "Authenticated Users"
- On the Node Manager in question, open mmc.exe, add Snap-in certificate for Local computer
- Open Console Root/Certificates/Personal/Certificates and right click on the certificate issued by "TIBCO Spotfire Signing CA"
- Under All Tasks you find "Manage Private keys..."
- Add the Group "Authenticated Users" (or any other AD group defining all intended users) and grant read
After this you should not get ClientCertificateNoAccessPrivateKey
Comments
0 comments
Article is closed for comments.