What is (ITATP151W Security warning) in CyberArk Vault Server?

CyberArk Vault Server application is installed with a self signed certificate and as a result the Vault Server application gives a warning on launch with a reminder to use a CA signed certificate.

In this post, we will go through the steps to generate the certificate request, get it signed from Certificate Authority, install the signed certificate and finally validating the certificate.

CyberArk Vault Certificate Signing

Identifying the Error (ITATP151W Security warning)

Upon launching the CyberArk Vault Server Application a warning is given as per below if the certificate is a self signed certificate:

CyberArk Certificate Error

This warning comes up every time the CyberArk Vault Server application is started with a self signed certificate.

Creating a certificate request from CyberArk vault server

CyberArk provides a built-in utility to help generate the certificate request.
We can also use the Windows certificate generation utility as well but CyberArk utility makes it much easier.

The utility is called “CACert.exe” and is located under the CyberArk Vault Server installation folder.
By default, this folder is “C:\Program Files (x86)\PrivateArk\Server”

  1. Open command prompt as an administrator and navigate to “C:\Program Files (x86)\PrivateArk\Server”
  2. Run the command  “CACert.exe request” and follow the prompts

Get the Certificate Request signed from CA (Certificate Authority) and Validate

  1. Copy the certificate request content from previous step and paste it into the Certificate Authority request
  2. Generate the signed certificate and download it
  3. Copy the signed certificate to the Vault Server
  4. Install the certificate
  5. Validate certificate error is no longer showing