After signing the Certificate Signing Request (CSR) from a Certificate Authority (CA), importing the signed certificate chain (p7b file) fails with the error below:
There was a problem processing your request.
This certificate or its signing CA is not valid. Select another certificate to import, and try again.
The following error is present in the /opt/rsa/am/server/logs/AdminServerWrapper.log:
com.rsa.ims.security.tools.ssl.exception.InvalidCertificateException: Command ended with an error.
keytool error: java.lang.Exception: Input not an X.509 certificate
Instead of importing the full certificate chain once in a single p7b file, split the p7b file into multiple cer files and import them one by one. To do this, follow the steps below:
- Copy the p7b file to any Windows machine, then double click the file to open it.
- On the left panel, expand the p7b container, then click on the Certificates container.
- From the right panel, locate and double click the root certificate.
- Under the Details panel, click Copy to File...
- Choose DER encoded binary X.509 (.CER) for the format, then click Next.
- On the next page click Browse... to choose the export location of the certificate file, then click Next.
- Repeat steps 3 to 6 for each certificate in the chain (all intermediate certificates and the signed server certificate).
- Now login to the Operations Console and import each .cer created in the above steps one by one.
- If you are importing a Console Certificate, select Deployment Configuration > Certificates > Console Certificate Management > Import Certificate.
- If you are importing a Virtual Host Certificate, select Deployment Configuration > Certificates > Virtual Host Certificate Management > Import Certificate.
- Browse and import each of the certificates created in the above steps. Start with the root certificate first, then each intermediate certificate along the chain and finally the signed server certificate.