Verisign support helped us. We had to create a new request in the *SYSTEM
certificate store, revoke the old certificate, and create a new. After
doing all that we were able to upload the new certificate with no issues.
So apparently the issue was with the certificate store. Everything is
working now.

As a side note, I was pretty impressed with Verisign's support. They seemed
to be knowledgeable about DCM and configuring SSL in the IBM i environment.



On Tue, Jun 21, 2011 at 9:51 AM, Matt Lavinder <
mlavinder@xxxxxxxxxxxxxxxxxxx> wrote:

You will have to pardon my ignorance as this is my first time setting up
SSL certificates.

Yesterday we created a new Certificate Signing Request (CSR) and submitted
it to Verisign. They have sent us back a certificate, but when I go to
import it, I get this message:

An error occurred during certificate validation. The issuer of the
certificate may not be in the certificate store or the issuer may not be
enabled

The CSR we generated had to have a 2048 key to comply with new standards
Verisign has in place. I believe the new standards don't go into affect
until 2012 or 2013, but we were renewing for 3 years, so they made us use
the longer key.

My first question is: does IBM i support the 2048 key?

Next, when I created the certificate, I did not create the it in the
*SYSTEM Certificate Store. I realized I had messed that up after we had
sent the CSR to Verisign. I was hoping we could just move the certificate
to the appropriate store after the fact (export and then import). Currently
I am handling all this in the *OBJECTSIGNING store. Two questions:

Would the certificate store I am using cause this issue?
Will I be able to move the certificate to the *SYSTEM certificate store, as
I am hoping, or do I need to start over?

Thanks for the help.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.