000032833 - The root CA certificate is required for activation in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032833
Applies ToRSA Product Set: SecurId
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
IssueWhen importing into the Authentication Manager's Operations Console a custom certificate signed by a known CA, the following error is generated:
"The root CA certificate is required for activation. 
Import the root certificate from your CA and try again"

  The signed certificate in PKCS#7 format.
ResolutionBefore importing the new signed certificate, import every certificate from the certificate chain into the Authentication Manager's Operations Console. This would include the root CA certificate and intermediate certificate.
There are many methods to obtain the root CA certificate and intermediate certificate.  Here is one of those ways:
1.  On Windows OS, double-click on the signed certificate file. This will bring up the properties of the certificate.
2.  Click on the certification path. This will list the certificate chain that signed your certificate.  Double-click on the top-most CA certificate, usually this is the root CA certificate.  This should open the properties of the root CA certificate.
3.   Click on the Details tab on the properties of the root CA certificate.
4.  Click on the "copy to file" button. This will bring up the Certificate Export Wizard.
5.   Click on the Next button. You will be prompted to select the export file format. Choose base-64 encoded X.509 (.cer) and click on the next button.
6.  On the next screen, you will be prompted to select to location to save the exported root CA certificate.
7.  Repeat steps 2-6 for any intermediate CA certificates that need to be exported.
8.  Log into the operations console, and import the root CA certificate along with any intermediate CA certificates.  Before to import the CA certificates in the order it was listed in the certificate chain path (from top-down).
9.  Finally, import the signed certificate you had received from the CA.

Attachments

    Outcomes