When attempting to install a certificate after getting it signed, the certificate may not install correctly. You may get a pop-up window that states that you are attempting to install an invalid certificate. The
System Log is not very clear as to why this happened.
The cause may be that the certificate was not signed correctly. One thing that you can do to verify this is to review the certificate you are installing, and look within the details of the certificate. Under the Basic Constraint, verify what the Subject Type is. Often times the certificate is signed wrong. It may signed as an end entity, say a web server, “Subject Type=End Entity”. This will fail install.
Recall, that in order for a resigning to happen, the certificate on the SSL Visibility appliance
has to be a subordinate CA. It must have a Basic Constraint of “Subject Type=CA”. You may also verify that the Certificate Template name is SubCA, as in subordinate CA.
Another cause may be that the certificate that you are trying to install is signed, but it is not from the CSR that you provided. To verify this you can do some checking on the signed certificate and the original CSR that you created on the SSL Visibility appliance
Verify that the CN or Common name are same via the Issue to: field on the General Properties tab of the signed certificate. Also, on the Details tab of signed certificate, within the Subject field, check and see if the details you created within the CSR with and the details of the SCR match.
The Certificate Signing Request must be signed properly as a subordinate CA.
Imported Document ID: 000025291
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.