cancel
Showing results for 
Search instead for 
Did you mean: 
cetesbaiar
Level 7

Importing Certificate from a Two Tier PKI

Jump to solution

Hi, I've followed the article:

McAfee KnowledgeBase - How to create and import a Microsoft subordinate certificate authority (Sub C...

Trying to import to WebGateway my Enterprise Certificate, it returns an error:

import_error.PNG

I have a two tier PKI, and the error shows the root CA but not the Sub CA on the Configured chain error.

The certificate I've imported has the entire chain:

chain_cert.PNG

When creating a certificate I've took care of choose "import all the certificates in the chain...".

The request was made on the Subordinate CA, not on the Root CA.

Someone has faced this trouble? Someone has imported a chain of Two Tier PKI with no problem?

Thanks a lot for help!

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Importing Certificate from a Two Tier PKI

Jump to solution

Hi Cetesvaiar,

This should work, I've done it a million times, the trick is getting the right order.

You should really only need to import the intermediate CA when importing the certificate.

If you open the files in notepad++ (yes notepad++), separate the files into their own.

FILE1.crt:

--------begin certificate--------

....

--------end certificate--------

FILE2.crt:

--------begin certificate--------

....

--------end certificate--------

Open the .crt files, which ever is the intermediate, use that file to import when the MWG CA.

Best Regards,

Jon

3 Replies
McAfee Employee

Re: Importing Certificate from a Two Tier PKI

Jump to solution

Hi Cetesvaiar,

This should work, I've done it a million times, the trick is getting the right order.

You should really only need to import the intermediate CA when importing the certificate.

If you open the files in notepad++ (yes notepad++), separate the files into their own.

FILE1.crt:

--------begin certificate--------

....

--------end certificate--------

FILE2.crt:

--------begin certificate--------

....

--------end certificate--------

Open the .crt files, which ever is the intermediate, use that file to import when the MWG CA.

Best Regards,

Jon

cetesbaiar
Level 7

Re: Importing Certificate from a Two Tier PKI

Jump to solution

thank u Jon,

I'll try and post the results.

0 Kudos
cetesbaiar
Level 7

Re: Importing Certificate from a Two Tier PKI

Jump to solution

Jon,

I'v just edited the chain.pem file, there was only a rootCA certificate on this file, I've just put the Subordinate CA on this file and all its ok.

Now I'll try to put the ssl scanner on the way!!

Thank you for help!

0 Kudos