CKB:The requested public SSL certificate cannot be imported: Unterschied zwischen den Versionen
(Imported from text file) |
Keine Bearbeitungszusammenfassung |
||
| Zeile 16: | Zeile 16: | ||
== Solution: == | == Solution: == | ||
Export the private key from the keystore used for the creation of the CSR file and import it together with the requested SSL certificate into a new keystore. | Export the private key from the keystore used for the creation of the CSR file and import it together with the requested SSL certificate into a new keystore. | ||
1. open the existing keystore used for the generating of the CSR file | |||
2. klick with the right mouse button on the entry in the keystore | 2. klick with the right mouse button on the entry in the keystore | ||
3. open the menu entry 'Export --> Export Private Key' | 3. open the menu entry 'Export --> Export Private Key' | ||
[[File:9207984.png]] | [[File:9207984.png]] | ||
4. save the private key in OpenSSL format to your local machine | 4. save the private key in OpenSSL format to your local machine | ||
[[File:9207985.png]] | [[File:9207985.png]] | ||
[[File:9207986.png]] | [[File:9207986.png]] | ||
5. create new Java-Keystore of type '''JKS''' | 5. create new Java-Keystore of type '''JKS''' | ||
[[File:9207974.png]] | [[File:9207974.png]] | ||
[[File:9207973.png]] | [[File:9207973.png]] | ||
6. impot the available SSL certificate | |||
6. impot the available SSL certificate | |||
[[File:9207972.png]] | [[File:9207972.png]] | ||
7. select the certificate format, e.g. pkcs12 (.pfx) or OpenSSL (.crt, .cer, .pem) | |||
7. select the certificate format, e.g. pkcs12 (.pfx) or OpenSSL (.crt, .cer, .pem) | |||
[[File:9207989.png]] | [[File:9207989.png]] | ||
[[File:9207991.png]] | [[File:9207991.png]] | ||
[[File:9207992.png]] | [[File:9207992.png]] | ||
8. import and check the certificate chain | 8. import and check the certificate chain | ||
[[File:9207970.png]] | [[File:9207970.png]] | ||
[[File:9207969.png]] | [[File:9207969.png]] | ||
[[File:9207968.png]] | [[File:9207968.png]] | ||
9. save the keystore | |||
9. save the keystore | |||
[[File:9207967.png]] | [[File:9207967.png]] | ||
10. use the default password ''''CA0AZhuFM4NogQh'''', to save the Keystore | |||
10. use the default password '<nowiki/>'''CA0AZhuFM4NogQh'''', to save the Keystore | |||
[[File:9207966.png]] | [[File:9207966.png]] | ||
11. install the created keystore on the Cryptshare server [https://wiki.cryptshare.com/display/CSM/Setting+up+an+SSL+Certificate#SettingupanSSLCertificate-InstallingtheKeystoreontheCryptshareServer Setting up an SSL Certificate#InstallingtheKeystoreontheCryptshareServer] | 11. install the created keystore on the Cryptshare server [https://wiki.cryptshare.com/display/CSM/Setting+up+an+SSL+Certificate#SettingupanSSLCertificate-InstallingtheKeystoreontheCryptshareServer Setting up an SSL Certificate#InstallingtheKeystoreontheCryptshareServer] | ||
----- | ----- | ||
Version vom 14. Januar 2022, 14:13 Uhr
Applies to:
Symptom:
The requested SSL certificate cannot be imported into the keystore with the following error:
- English: Could not establish trust for the CA Reply.
- German: Vertrauenskette für die CA Antwort konnte nicht erstellt werden.
Cause:
The information in the SSL certificate from the CA doesn't match the information in the sent CSR.
Solution:
Export the private key from the keystore used for the creation of the CSR file and import it together with the requested SSL certificate into a new keystore.
1. open the existing keystore used for the generating of the CSR file
2. klick with the right mouse button on the entry in the keystore
3. open the menu entry 'Export --> Export Private Key'
4. save the private key in OpenSSL format to your local machine
5. create new Java-Keystore of type JKS
6. impot the available SSL certificate
7. select the certificate format, e.g. pkcs12 (.pfx) or OpenSSL (.crt, .cer, .pem)
8. import and check the certificate chain
9. save the keystore
10. use the default password 'CA0AZhuFM4NogQh', to save the Keystore
11. install the created keystore on the Cryptshare server Setting up an SSL Certificate#InstallingtheKeystoreontheCryptshareServer