Jump to content
Server Maintenance This Week. ×

RSA Organization error with attempted certificate import

Dr. Zathras
 Share

This topic is 1483 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Dr. Zathras Enthusiast

Dr. Zathras

Posted
Posted

It's time to renew our FMS 16 SSL certificate.

I generated my certificate request, submitted the application to InCommon through our organization's portal and got back a certificate and intermediate certificate as normal. However, when I tried to import the certs and keyfile I got this error:

Certificate could not be imported

Config_DBServer_CertificateDialog_ErrorCOMODO RSA Organization

Validation Secure Server CA

I used a variant of our organization's name when I generated the cert request which I know is not an exact match to the name we used in our FMS license purchase. Does FMS perform an organization name match when importing an SSL certificate or is this a different error?

Would much appreciate any insight.

Thanks.

Colin Hunter

University of Maryland, Baltimore

Link to comment
Share on other sites
Wim Decorte Grand Master

Wim Decorte

Posted
Posted

Hi Colin,

To renew an SSL cert you do NOT need to generate the certificate request again, normally your vendor will just issue a new cert and you use that plus the original serverKey.pem file to import the new cert.

What you are doing is called 'rekeying' a cert which is different than renewing.  End result is the same except that you're giving yourself more work.

The name on your FM license does not matter at all. FM does not do any kind of checks except to verify that you have the proper passkey that was set when generating the signing request.  The name ownership is validated by the SSL vendor, not by FM.  FM doesn't care what name you put on the SSL cert.

Since you had an cert already, did you try the fmsadmin command line to delete the previous cert, before importing the new one?

Link to comment
Share on other sites
Dr. Zathras Enthusiast

Dr. Zathras

Posted
  • Author
Posted

Hello Wim,

Thank you for your reply.

Yes, I automatically received my new cert a week before the old one expires but my password log book is in my office and the University is in lock-down right now. Anybody found on campus without special permission would be in trouble and I doubt a request to get my serverKey.pem password would qualify. I therefore made a new serverKey.pem/CSR request to get a new certificate for which I had the necessary serverKey.pem password on hand.

I did not try removing the existing cert with fmsadmin before importing the new one - thank you for the suggestion.  I'll try it  this evening after our users have logged off and I can work on the server.

Will send an update one way or the other.

Link to comment
Share on other sites

This topic is 1483 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept