Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SSL/Entrust intermedate certificate issue

Former Member
0 Kudos

I have what I hope will be a simple question. Iu2019m trying to get an Entrust Certificate properly imported into my Portal u2013 weu2019ve done this before with our CA but have recently been acquired and need a globally trusted certificate. I generated the CSR and send it to Entrust. I get back two certificates the response and the chain. I import the response and when I access the Portal it tells me there is a problem with the certificate. It shows the certificate to be from Entrust; however it appears the chain is missing u2013 presumably the intermediary certificate. If I import the chain certificate into the client browser it works fine; however it is not something we want to do for 10k desktops. Iu2019ve tried to import the chain certificate in the server but have had no success.

Please tell me what Iu2019m missing. Thanks in advance.

/Greg

1 ACCEPTED SOLUTION

Former Member
0 Kudos

take a look at this post.

6 REPLIES 6

Former Member
0 Kudos

Hi,

The CA and sub CA certificates need to be imported in the web browsers repoitories, that's the way it works.

Usually the import in each PC is automated through teledistribution.

That is also why the main CA have a near monopoly : because their certificates are already in the browsers repository.

Regards,

Olivier

cris_hansen
Advisor
Advisor
0 Kudos

Hi Greg,

As already mentioned here, the CA certificates usually are automatically updated via OS updates (or web browser updates, e.g. Firefox case).

If you are sure that there is a problem within the certificate from the CA you are using, maybe you can follow this [Wiki|http://wiki.cacert.org/BrowserClients#Import_into_Microsoft_Windows_for_multiple_users].

At least I hope you have a tool like SMS or something else to manage those 10k computers...

Best regards,

Cristiano

Former Member
0 Kudos

Greg.

I was struggling with this same issue and was going back and forth between Entrust and SAP support. Finally, I found this article that helped me import the chain and root certificates. Note 694290 - SAP J2EE: react on expiration of VeriSign CA certificates

You do not need to import the crt file into every workstation if you have the root and chain certs in place.

Hope this helps.

Jake

Former Member
0 Kudos

I knew that i am asking on an old post... trying my luck.

I too have the same problem. I had gone through note#694290. I have a signed response, Intermediate & Root cert.

But if i follow note694290, i have to start from exporting existing private key and its associate chained certificate.

But how do i import signed response without the private key getting deleted on the to same entry? Even though i come up with different name for importing signed response, then how does this gets associated with original private key?

I hope you got my question here.. Any ideas on this .. please help.

Thanks.

0 Kudos

This message was moderated.

Former Member
0 Kudos

take a look at this post.