RSA Organization error with attempted certificate import


It's time to renew our FMS 16 SSL certificate.

I generated my certificate request, submitted the application to InCommon through our organization's portal and got back a certificate and intermediate certificate as normal. However, when I tried to import the certs and keyfile I got this error:

Certificate could not be imported

Config_DBServer_CertificateDialog_ErrorCOMODO RSA Organization Validation Secure Server CA

I used a variant of our organization's name when I generated the cert request which I know is not an exact match to the name we used in our FMS license purchase. Does FMS perform an organization name match when importing an SSL certificate or is this a different error?

Would much appreciate any insight.

Thanks.

Colin Hunter

University of Maryland, Baltimore

Hi Colin,

To renew an SSL cert you do NOT need to generate the certificate request again. Normally your vendor will just issue a new cert and you use that plus the original serverKey.pem file to import the new cert.

What you are doing is called 'rekeying' a cert, which is different from renewing. End result is the same except that you're giving yourself more work.

The name on your FM license does not matter at all. FM does not do any kind of checks except to verify that you have the proper passkey that was set when generating the signing request. The name ownership is validated by the SSL vendor, not by FM. FM doesn't care what name you put on the SSL cert.

Since you had a cert already, did you try the fmsadmin command line to delete the previous cert, before importing the new one?

Hello Wim,

Thank you for your reply.

Yes, I automatically received my new cert a week before the old one expires but my password log book is in my office and the University is in lock-down right now. Anybody found on campus without special permission would be in trouble and I doubt a request to get my serverKey.pem password would qualify. I therefore made a new serverKey.pem/CSR request to get a new certificate for which I had the necessary serverKey.pem password on hand.

I did not try removing the existing cert with fmsadmin before importing the new one - thank you for the suggestion. I'll try it this evening after our users have logged off and I can work on the server.

Will send an update one way or the other.
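
Added example, not part of any post in this thread: a pre-import check with the openssl CLI for the renew-versus-rekey situation discussed above. It tests whether an issued certificate belongs to a given serverKey.pem, whether the passphrase opens that key, and whether the supplied intermediate actually issued the certificate. Only serverKey.pem is a name from the thread; the other file names, the passphrases and the throwaway CA are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): pre-import checks with the openssl CLI.
# Only serverKey.pem is a name from the thread; all other names are assumed.

# 0 = certificate belongs to this key, 1 = different key,
# 2 = certificate unreadable, 3 = key unreadable or wrong passphrase.
cert_matches_key() {  # args: cert.pem key.pem passphrase
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  # The passphrase goes through the environment, not argv (visible in ps).
  key_pub=$(KEY_PASS="$3" openssl pkey -in "$2" -passin env:KEY_PASS \
            -pubout 2>/dev/null) || return 3
  [ "$cert_pub" = "$key_pub" ]
}

# 0 only if the intermediate file is the issuer of the certificate.
issued_by() {  # args: cert.pem intermediate.pem
  openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Constructed demo material: a throwaway CA standing in for the vendor's
# intermediate, an "old" key, and a "new" key with a certificate issued for it.
make_sample() {  # arg: output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$1/ca.key" -out "$1/intermediate.pem" 2>/dev/null &&
  openssl genrsa -aes256 -passout pass:old-pass \
    -out "$1/old-serverKey.pem" 2048 2>/dev/null &&
  openssl genrsa -aes256 -passout pass:new-pass \
    -out "$1/serverKey.pem" 2048 2>/dev/null &&
  openssl req -new -key "$1/serverKey.pem" -passin pass:new-pass \
    -subj "/CN=fms.example.test" -out "$1/new.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/new.csr" -CA "$1/intermediate.pem" \
    -CAkey "$1/ca.key" -CAcreateserial -days 1 \
    -out "$1/new-cert.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_sample "$demo"
cert_matches_key "$demo/new-cert.pem" "$demo/serverKey.pem" new-pass
echo "new cert + new key, right passphrase: $?"
cert_matches_key "$demo/new-cert.pem" "$demo/old-serverKey.pem" old-pass
echo "new cert + old key:                   $?"
cert_matches_key "$demo/new-cert.pem" "$demo/serverKey.pem" wrong
echo "new cert + new key, wrong passphrase: $?"
issued_by "$demo/new-cert.pem" "$demo/intermediate.pem"
echo "issued by supplied intermediate:      $?"
```

Against real files, call the two functions directly and skip make_sample; a result of 1 from cert_matches_key means the certificate was issued for a different key than the one being imported.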
