You guys are great!

I've received a zipfile with the files, and I've gone most of the way through the import. However, at the point where I actually import the certificate (after entering the password for the pfx files), I'm getting this error:

An error occurred during certificate validation. The issuer of the certificate may not be in the certificate store or the issuer may not be enabled.

I'm not sure what to do to correct for the error.

Additional files in the zip are:
AAACertificateServices.crt
AddTrustExternalCARoot.crt
comodo-nnnnnn.zip
SectigoRSADomainValidationSecureServerCA.crt
USERTrustRSAAAACA.crt
USERTrustRSAAddTrustCA.crt

We've been running SSL certificates on our 400 for many years, just having issues getting this pfx up and going.

Thanks in advance
TomH

-----Original Message-----
From: Tom Hightower
Sent: Tuesday, March 2, 2021 11:28 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: How do I import .crt certificate that was generated by csr on another system?

I've asked for and they've provided a zip with several files, including:
cert-req.txt
pfx-password.txt
star_company_com.cer
star_company_com.jks
star_company_com.crt
star_company_com.pfx

They want me to tie the cert to their SSL web server, their non-SSL web server and FTP (those are already secured with a soon-to-expire cert)

Blessings
TomH

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jacob Banda
Sent: Monday, March 1, 2021 5:32 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: How do I import .crt certificate that was generated by csr on another system?

I THINK this is what you're looking for:
https://www.ibm.com/support/pages/how-import-certificates-p12-or-pfx-extensions

First question: is the file password protected?
Second question: did they give you the private key?
Third question: what exactly does your netadmin mean by "tie it to their secure website"? Are you hosting a webserver on your 400 for employee access?

What Brad mentioned is how I've done it as well. But the details of what exactly they gave you will help a bit more. Typically if you're going to import SSL certificates, you'll import the whole chain including the private key bundled in the PKCS12 format (which should be password protected). Since you didn't generate the CSR, you don't have the private key on your 400, and hence you can't use just the wildcard public certificate for enabling SSL on your 400 apps. You'd need the private key from the machine that generated the CSR as well.

The only other alternative I can think of is that they intended to give you the Signer (Root) Certificate of their wildcard cert, so that way you could import it in DCM and then your 400 would trust their site(s).

Have you tried double clicking the file on a Windows machine to see what metadata comes back, or opening it in notepad?

-----------------------------------------
Jacob Banda
-----------------------------------------
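
Jacob's questions about what was delivered (is it password protected, does it hold the private key, is the chain bundled) can be answered from the .pfx itself before it goes near DCM. The script below is an added example, not part of the original thread; it assumes OpenSSL on a workstation, and the function names and the throwaway CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a PKCS#12 (.pfx/.p12) file before importing it.
# pfx_report FILE PASSFILE prints: key=yes|no certs=N issuer_in_bundle=yes|no
pfx_report() {
  local pfx=$1 passfile=$2 tmp key=no chain=no n
  tmp=$(mktemp -d) || return 1
  # Certificates tied to a key in the file (the leaf). Fails on a bad password.
  if ! openssl pkcs12 -in "$pfx" -passin "file:$passfile" -nokeys -clcerts \
         -out "$tmp/leaf.pem" 2>/dev/null; then
    rm -rf "$tmp"; echo "cannot open (wrong password or not PKCS#12)"; return 1
  fi
  # Remaining certificates: intermediates and/or root.
  openssl pkcs12 -in "$pfx" -passin "file:$passfile" -nokeys -cacerts \
    -out "$tmp/ca.pem" 2>/dev/null || true
  # The private key is decrypted into a pipe only, never written to disk.
  openssl pkcs12 -in "$pfx" -passin "file:$passfile" -nocerts -nodes 2>/dev/null \
    | grep -q 'PRIVATE KEY' && key=yes
  n=$(cat "$tmp/leaf.pem" "$tmp/ca.pem" 2>/dev/null | grep -c 'BEGIN CERTIFICATE') || true
  # Trust only what is bundled: does a bundled certificate verify as the leaf's issuer?
  openssl verify -no-CApath -partial_chain -CAfile "$tmp/ca.pem" \
    "$tmp/leaf.pem" >/dev/null 2>&1 && chain=yes
  rm -rf "$tmp"
  echo "key=$key certs=$n issuer_in_bundle=$chain"
}

# Constructed sample data (throwaway CA and wildcard leaf) so the example runs offline.
# make_sample DIR creates DIR/full.pfx, DIR/leafonly.pfx and DIR/pw.txt
make_sample() {
  local d=$1
  printf 'constructed-password\n' > "$d/pw.txt"
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.crt" \
    -subj "/CN=Constructed Test CA" -days 2 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" \
    -subj "/CN=*.example.test" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/leaf.crt" -days 1 2>/dev/null
  # One bundle with the issuer included, one with the leaf and key only.
  openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.crt" -certfile "$d/ca.crt" \
    -out "$d/full.pfx" -passout "file:$d/pw.txt"
  openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.crt" \
    -out "$d/leafonly.pfx" -passout "file:$d/pw.txt"
}
```

Against the files named in the thread this would be run as `pfx_report star_company_com.pfx pfx-password.txt`; on OpenSSL 3, a PFX exported with older RC2/3DES encryption may additionally need the `-legacy` option on the `pkcs12` commands.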
