Odd behaviour. CSR created on XG, uploaded to Digicert. New Cert would not apply. Had to use openssl

Question

Hi, can anyone please shed some light on what has just happened. We have an XG. 
 A CSR was created on the XG and used to create a certificate with "Digicert". This was created and downloaded from Digicert and we proceeded to follow the installation procedure but could not get it to be accepted by the XG as valid. We tried all manner of the available Digicert options available, PEM, PEM bundle etc. It would not work - always a red "X" after the "certificate creation successful" message. 
 The CSR is not available for download which I find odd. 
 We still had the tar file and I extracted the .key file from it and used it in conjunction with the PEM bundle from Digicert to create a PFX and password with open ssl that HAS been accepted by the XG. 
 What has happened here? 
 I've never seen this and I am confused. 
 Yes we have a case with Sophos support but they seem to have a response time of several days and I'm just glad I've got this far on my own!

Vishal_R · Answer

Hi Andy Howard1 : The one possibility which I can think as of now for certificate status "X" could be due to "Issuer or CA or Intermediate CA" not present on XG under "Certificate authority" tab from which that cert has been signed and due to that CA chain validation not has been completed and status was showing cross.

Note: If you hover your mouse cursor over X sign you will get the reason for same on XG UI.

As you imported "PFX" and seems it has covered "complete cert chain" including private key and that worked for you as CA chain validation was successful with PFX.

Odd behaviour. CSR created on XG, uploaded to Digicert. New Cert would not apply. Had to use openssl

Top Replies