IBM Support

When Certificate Import Fails, "An error occurred during certificate validation"

Troubleshooting


Problem

When importing a Certificate Authority (CA) certificate or a Server/Client certificate, the following error is displayed in Heritage Digital Certificate Manager:
"An error occurred during certificate validation. The issuer of the certificate may not be in the certificate store or the issuer may not be enabled."
In Digital Certificate Manager, the following error is displayed:
Message text:
An Error occurred during certificate validation.

The Certificate Authority (CA) certificate containing the public key needed for certificate validation may not exist in the certificate store. If the CA certificate does exist, ensure it is enabled.
This document explains how to extract the CA certificate chain and import it into DCM.

Resolving The Problem

This error indicates that the Root and/or Intermediate CA certificate is not in the certificate store and needs to be imported first. If the CA certificates are from well-known CAs, you can follow this procedure to extract the certificates to be imported on the IBM i.

1. Open the certificate file on your PC. If the file came as a .txt text file, you must first rename the extension to .cer, then right-click the file and left-click Open.

Certificate General tab

2. Select the Certification Path tab. This will show the CA certificates in the certification path. The bottom level certificate is the current certificate you are viewing.

Certificate Certification Path tab

3. Left click to highlight the first (top) CA certificate in the list. Left click the View Certificate button, which should open a new certificate window. Left click the Details tab in the new certificate window.

Details tab on new CA

4. Left click the Copy to File... button. This will initiate an export wizard to copy the CA to a file on your PC. On the first screen, click Next. Click the bullet to select Base-64 encoded X.509 (.CER) and click Next.

Certificate Export Wizard showing Base 64

5. Click 'Browse' on the 'File to Export' screen, select a location on your PC where the file will be saved, assign a name for the file, and click Next.

Certificate Export Wizard, file name

6. Click Finish. The CA certificate should now be on your PC, ready to be moved to the IFS on the System i and imported into DCM.

Certificate Export Wizard final screen

7. Follow these same steps for any additional CA certificates in the certification path from the original certificate window, and import these CAs (top-level CA first) into DCM. For instructions on importing a CA certificate, you should refer to the following documentation:
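
Steps 1 through 7 can also be scripted on the Windows PC. The PowerShell function below is an added example, not IBM's code: it builds the certification path with the Windows chain engine and writes each CA certificate as a Base-64 .cer file, numbered in the order it has to be imported into DCM (top-level CA first). The function name `Export-CaChain`, the output file naming, and the paths in the usage comment are assumptions made for the example.

```powershell
# Added example. Exports every CA above a certificate as a Base-64 .cer file,
# numbered in DCM import order (01 = top-level CA).
function Export-CaChain {
    param(
        [Parameter(Mandatory)] [string] $CertificatePath,  # certificate that DCM rejected
        [Parameter(Mandatory)] [string] $OutputDirectory   # folder for the exported CA files
    )
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                -ArgumentList (Resolve-Path $CertificatePath).Path
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Only the certification path is needed here, so skip revocation checking.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void] $chain.Build($cert)

    # PartialChain: Windows could not locate an issuer, so an import into DCM
    # would still fail for the same reason. Obtain the missing CA from the issuer.
    if ($chain.ChainStatus.Status -contains 'PartialChain') {
        Write-Warning 'Windows could not find every issuer; the exported chain is incomplete.'
    }

    New-Item -ItemType Directory -Path $OutputDirectory -Force | Out-Null

    # ChainElements[0] is the certificate itself; the last element is the top-level CA.
    $elements = @($chain.ChainElements)
    $order = 1
    for ($i = $elements.Count - 1; $i -ge 1; $i--) {
        $ca  = $elements[$i].Certificate
        $der = $ca.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
        $b64 = [Convert]::ToBase64String($der)
        # Base-64 body wrapped at 64 characters between the PEM markers.
        $lines = @('-----BEGIN CERTIFICATE-----') +
                 [regex]::Matches($b64, '.{1,64}').Value +
                 '-----END CERTIFICATE-----'
        $file = Join-Path $OutputDirectory ('{0:d2}-{1}.cer' -f $order, $ca.Thumbprint)
        Set-Content -Path $file -Value $lines -Encoding Ascii
        [pscustomobject]@{
            ImportOrder = $order; Subject = $ca.Subject; Issuer = $ca.Issuer; File = $file
        }
        $order++
    }
}

# Usage (placeholder paths, replace with your own):
# Export-CaChain -CertificatePath 'C:\temp\server.cer' -OutputDirectory 'C:\temp\ca-chain'
```

Compare the Subject and Issuer columns of the output before importing: in a complete chain, the entry with ImportOrder 1 has identical Subject and Issuer (a self-signed top-level CA), and each later entry's Issuer matches the previous entry's Subject.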


Historical Number

591600587

Document Information

Modified date:
16 August 2022

UID

nas8N1011678