Error when trying to update CA X.509 certificate

Hello,

I'm trying to update the CA X.509 certificate under "Basic Settings > Management > SSL certificates" on SPS as it is expired. I retrieved the certificate in PEM format and his pirvate key, but when I commit the change after having uploaded both of them I receive the following error: The certificate is not a valid CA certificate; cert='ca_cert'

Do you have any idea on why is this happening?

Thank you

0 Darko 1 month ago

Hello Sabino,

This sounds like certificate was created with false extensions attribute.

Open the certificate and under details check the following:

- Under Basic Constraints, is the type of certificate CA

- Under Basic Constraints, is key usage defined as Signing, CRL Signing,...

- Under Certification Path, Certificate should be in its own root chain or an intermediate CA under enterprise root. If it shows up as End Entity, then its not CA certificate.

Best regards,

Darko
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 Mahmoud Emad 1 month ago

hello,

please keep sure that you have to upload 2 certificates, one for CA and another one for the SPS certificate.
Certificates should be in PEM format and upload their keys as well.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel