Troubleshooting

The behavior described in this section is not only relevant for certificates that are issued by a certification authority (CA), but also for self-signed certificates.

When the cloud services in PCo are requesting the system certificate (client certificate) from the Cloud Connector, the Cloud Connector might not return a client certificate. The reason for this behavior might be that the Cloud Management Service is sending an issuer list that does not contain the CA certificate that issues the system certificate.

The behavior of sending CA lists, when requesting the client certificate, is controlled by the following entry in the system hosting the PCo installation: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendTrustedIssuerList

If the parameter is set to 0, the issuers list will not be sent, when requesting a client certification. It could be that the parameter is missing and then the default behavior is applied. The default behavior in older OS such as Windows Server 2008 R2 was that the parameter had the value 1, but in newer OS the default value is 0.