How many levels of Sub-CA chaining are supported in Sentry CA 3.x?
Originally Published: 2001-07-24
Article Number
Applies To
TechNote 0131
Issue
Have the Sub-CA chaining more than 11 levels.
When starting Sentry CA services, the following error message appears:
The secure directory server does not appear to be reachable. Remember that you must start it before attempting to start the Web server. You will be unable to make client-authenticated connections to this server until you restart it with a running directory server.
test.xxxxx.com: error setting default verify locations:
[unable to contact directory server]
Cause
Resolution
For Netscape browsers to correctly follow this chain, all intermediate CAs must have the appropriate netscape_cert_type extension for the given protocol. So for SSL, intermediate CAs MUST have bit 5 (SSL CA) asserted (similarly, for S/MIME, intermediate CAs would need bit 6 - S/MIME CA - asserted). The Root CA does not need this assertion.
Related Articles
IIS Hangs on Restart with Many Application Pools Number of Views How many incorrect password entries are permitted before being locked out of a Luna token? Number of Views 'The search returned too many results. The maximum allowed result set size is 200' Number of Views Many defunct processes (from AceClient v8.1 in radius) when running ps auxf Number of Views How to determine which node of a WildFly cluster should be designated as the Systems Operation Node (SON) in RSA Identity … Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server How to troubleshoot Oracle database ORA-04030 errors in RSA Identity Governance & Lifecycle RSA Authentication Manager Upgrade Process Microsoft SQL Server Collectors can no longer connect to the SQL Server database after upgrade to Microsoft SQL Server 201…
Don't see what you're looking for?
