This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

This certificate or its signing CA is not valid error when importing a certificate chain in RSA Authentication Manager 8.x Operations Console

Article Number

000031090

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

Issue

After signing the Certificate Signing Request (CSR) from a Certificate Authority (CA), importing the signed certificate chain (p7b file) fails with the error below:
 
There was a problem processing your request.
​This certificate or its signing CA is not valid. Select another certificate to import, and try again.

Image descriptionImage description

The following error is present in the /opt/rsa/am/server/logs/AdminServerWrapper.log:

com.rsa.ims.security.tools.ssl.exception.InvalidCertificateException: Command ended with an error.
keytool error: java.lang.Exception: Input not an X.509 certificate

Resolution

Instead of importing the full certificate chain once in a single p7b file, split the p7b file into multiple cer files and import them one by one. To do this, follow the steps below:
  1. Copy the p7b file to any Windows machine, then double click the file to open it.
  2. On the left panel, expand the p7b container, then click on the Certificates container.
    Image descriptionImage description​​​​​​​
  3. From the right panel, locate and double click the root certificate.
  4. Under the Details panel, click Copy to File...
    Image descriptionImage description
  5. Choose DER encoded binary X.509 (.CER) for the format, then click Next.
    Image descriptionImage description
  6. On the next page click Browse... to choose the export location of the certificate file, then click Next.
    Image descriptionImage description
  7. Repeat steps 3 to 6 for each certificate in the chain (all intermediate certificates and the signed server certificate).
  8. Now login to the Operations Console and import each .cer created in the above steps one by one.
    • If you are importing a Console Certificate, select Deployment Configuration > Certificates > Console Certificate Management > Import Certificate.
    • If you are importing a Virtual Host Certificate, select Deployment Configuration > Certificates Virtual Host Certificate Management > Import Certificate.
  9. Browse and import each of the certificates created in the above steps. Start with the root certificate first, then each intermediate certificate along the chain and finally the signed server certificate.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 12:17 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.