|Applies To||RSA Product Set: SecurId|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
|Issue||When importing into the Authentication Manager's Operations Console a custom certificate signed by a known CA, the following error is generated:|
"The root CA certificate is required for activation.
The signed certificate in PKCS#7 format.
|Resolution||Before importing the new signed certificate, import every certificate from the certificate chain into the Authentication Manager's Operations Console. This would include the root CA certificate and intermediate certificate.|
There are many methods to obtain the root CA certificate and intermediate certificate. Here is one of those ways:
1. On Windows OS, double-click on the signed certificate file. This will bring up the properties of the certificate.
2. Click on the certification path. This will list the certificate chain that signed your certificate. Double-click on the top-most CA certificate, usually this is the root CA certificate. This should open the properties of the root CA certificate.
3. Click on the Details tab on the properties of the root CA certificate.
4. Click on the "copy to file" button. This will bring up the Certificate Export Wizard.
5. Click on the Next button. You will be prompted to select the export file format. Choose base-64 encoded X.509 (.cer) and click on the next button.
6. On the next screen, you will be prompted to select to location to save the exported root CA certificate.
7. Repeat steps 2-6 for any intermediate CA certificates that need to be exported.
8. Log into the operations console, and import the root CA certificate along with any intermediate CA certificates. Before to import the CA certificates in the order it was listed in the certificate chain path (from top-down).
9. Finally, import the signed certificate you had received from the CA.