This certificate or its signing CA is not valid error when importing a certificate chain in RSA Authentication Manager 8.x Operations Console
Originally Published: 2015-08-31
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
There was a problem processing your request.
This certificate or its signing CA is not valid. Select another certificate to import, and try again.
This certificate or its signing CA is not valid. Select another certificate to import, and try again.
The following error is present in the /opt/rsa/am/server/logs/AdminServerWrapper.log:
com.rsa.ims.security.tools.ssl.exception.InvalidCertificateException: Command ended with an error.
keytool error: java.lang.Exception: Input not an X.509 certificate
Resolution
- Copy the p7b file to any Windows machine, then double click the file to open it.
- On the left panel, expand the p7b container, then click on the Certificates container.
- From the right panel, locate and double click the root certificate.
- Under the Details panel, click Copy to File...
- Choose DER encoded binary X.509 (.CER) for the format, then click Next.
- On the next page click Browse... to choose the export location of the certificate file, then click Next.
- Repeat steps 3 to 6 for each certificate in the chain (all intermediate certificates and the signed server certificate).
- Now login to the Operations Console and import each .cer created in the above steps one by one.
- If you are importing a Console Certificate, select Deployment Configuration > Certificates > Console Certificate Management > Import Certificate.
- If you are importing a Virtual Host Certificate, select Deployment Configuration > Certificates > Virtual Host Certificate Management > Import Certificate.
- Browse and import each of the certificates created in the above steps. Start with the root certificate first, then each intermediate certificate along the chain and finally the signed server certificate.
