000032833 - Root CA certificate is required for activation error when importing a custom certificate signed by a known CA into Operations Console for RSA Authentication Manager 8.x 

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 8, 2020
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000032833
Applies ToRSA Product Set: SecurId
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
IssueWhen importing a custom certificate signed by a known CA into the RSA Authentication Manager Operations Console, the following error is generated:

The root CA certificate is required for activation.
Import the root certificate from your CA and try again


  The signed certificate in PKCS#7 format.
ResolutionBefore importing the new signed certificate, import every certificate from the certificate chain into the RA Authentication Manager Operations Console. This includes the root CA certificate and intermediate certificate.

There are many methods to obtain the root CA certificate and intermediate certificate.  Here is one of those ways:
  1. On a Windows OS, double-click on the signed certificate file. This will bring up the properties of the certificate.
  2. Click on the certification path. This will list the certificate chain that signed your certificate.  
  3. Double-click on the top-most CA certificate, usually this is the root CA certificate.  This should open the properties of the root CA certificate.
  4. Click on the Details tab on the properties of the root CA certificate.
  5. Click the Copy to file button. This will bring up the Certificate Export Wizard.
  6. Click Next
  7. Select the export file format. Choose base-64 encoded X.509 (.cer).
  8. Click Next.
  9. On the next screen, select to location to save the exported root CA certificate.
  10. Repeat steps 2-9 for any intermediate CA certificates that need to be exported.
  11. Log into the operations console, and import the root CA certificate along with any intermediate CA certificates.  Before to import the CA certificates in the order it was listed in the certificate chain path (from top-down).
  12. Finally, import the signed certificate you had received from the CA.

Attachments

    Outcomes