I have a test environment with SharePoint 2010 and FAST installed, and am using the self-signed certificates to enable FAST to communicate with SharePoint and vice-versa. My self-signed certificate expired, so I generated a new one using:
.\ReplaceDefaultCertificate.ps1 -generateNewCertificate $true
When I then tried to secure the FAST search connector via the PowerShell command:
.\securefastsearchconnector.ps1 -certPath "" -ssaName "FASTSSA" -userName "<user name for osearch14>"
I got an error when the script was trying to set Read/Execute permission on the certificate private key:
Could not set access rights on certificates private keys. Script can be rerun to only set access rights when reason for error is detected.
as well as:
Set-Acl : Attempted to perform an unauthorized operation
I tried several different methods to resolve this, including setting the ownership of the file in the script using TAKEOWN, but it wouldn’t work. Eventually I had to hack the securefastsearchconnector.ps1 file and comment out the line that set the ACL, as well as printing out what it was trying to do:
write-host "setting ACL for " $keypath$keyname " to " $script:userName
#set-acl -aclobject $acl $keypath$keyname
The output was then:
setting ACL for [full path to cert private key] to [user account of osearch14]
This effectively bypasses the setting of the ACL, and I then used the full path of the cert private key to manually add Read/Execute permission to my osearch14 account.
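The manual permission step can also be scripted and checked, so that the skipped Set-Acl call does not leave the key without the intended access. The following is an added example, not part of the original post or of the FAST scripts; it assumes Windows PowerShell, a certificate in the LocalMachine\My store with a CSP-based RSA key, and placeholder values for the thumbprint and account.

```powershell
# Added example: grant Read/Execute on a certificate's private key file, then verify it.
# Placeholders (assumptions): replace both values with your own.
$thumbprint = '<THUMBPRINT-OF-NEW-CERT>'
$account    = '<DOMAIN\osearch14-account>'

# Assumes the certificate is in LocalMachine\My and uses a CSP-based RSA key.
$cert = Get-Item "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $thumbprint has no private key." }

# Machine RSA keys are stored as files under MachineKeys, named after the key container.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $keyName
if (-not (Test-Path $keyFile)) { throw "Private key file not found: $keyFile" }

# Resolve the account to a SID first; this fails early on a mistyped account name.
$sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
    [System.Security.Principal.SecurityIdentifier])

# Read and write only the DACL section, leaving owner and audit entries untouched.
$sections = [System.Security.AccessControl.AccessControlSections]::Access
$file     = Get-Item $keyFile -Force
$acl      = $file.GetAccessControl($sections)

# Least privilege: ReadAndExecute only, for this one account.
$rx   = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $sid, $rx, 'Allow'
$acl.AddAccessRule($rule)
$file.SetAccessControl($acl)

# Verify by re-reading the DACL and matching on SID rather than display name.
$check = (Get-Item $keyFile -Force).GetAccessControl($sections)
$rules = $check.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$granted = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -eq $sid.Value -and
    (([int]$_.FileSystemRights) -band ([int]$rx)) -eq ([int]$rx)
}
if (-not $granted) { throw "ReadAndExecute for $account is not present on $keyFile" }

# Print the resulting DACL so the change can be reviewed.
$rules | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Run it from an elevated prompt as an account that is allowed to change permissions on the key file; the final table makes it easy to spot any broader grants on the key that should not be there.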