Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 15 replies
  • Answers 3 answers
  • Subscribers 30 subscribers
  • Views 35184 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Adding a Windows Server CA to the CA List

Sandy Millar

Hi All

I am new to XG and having certificate issues.

I want to be able to add my own Windows Server Certificate Authority to the XG.  The Windows CA is the root for my environment.  I have used the Windows Server CA web admin to download the CA certificate, however I cannot get the XG to accept the certificate no matter what option I use. I get this error "Certificate Authority could not be uploaded". 

I am also having trouble importing commercial host certificates (DigiCert), including certificates that used a CSR created on the XG.  I have tried to update their CA certificates but have the same issue as with the Windows CA.

I have tried all manner of certificate formats, without luck.  It is like the whole certificate service is broken, or I don't have the correct rights to perform certificate functions.  All the different certificates I have tried all import into Windows and Linux hosts are appear to work fine.

I am using version XG 16.01.0 running in Hyper-V.

Can anyone please advise.

Thanks in advance

 



This thread was automatically locked due to age.
  • 0 in reply to Sandy Millar

    Genius Sandy! I was using Firefox as well. Tried Chrome and imported the CA certs and my own SSL cert without any dramas. Definitely an issue with using XG and Firefox.  

  • 0

    Another issue I just resolved trying to do this, be sure that the CA is in DER (binary-encoded) format, not CER (Base64 encoded, the way most certs come from support pages for public CAs!). CER encoding will give the same mysterious "Certificate Authority could not be uploaded".

     

    Sophos, maybe add CER support to the CA import option?

  • 0 in reply to Sandy Millar

    hello

     

    I have the same issue and i was using Firefox and I tried chrome and explorer and I am getting the same results

    please I need your help

     

    I followed the following steps:

    1) from my CA server, I opened the certificates MMC

    2) I right click the CA certificate>all tasks>export>next> next (no, do not export the private key)> next (Der encoded binary ...)> select file name and location> export completed successfully

    3) I right click the CA certificate>all tasks>export>next> next (yes, export the private key)> next (Personal Information Exchange (tried all options))> next(password and confirm password) >select file name and location> export completed successfully

    4) on my XG certificates> certificate Authorities> Add> name, format(DER), browse the certificate, browse the Key, enter the password specified in step number 3, > save

    and i always got the same error message

    what is the solution pleeeeeease

    best regards

  • 0 in reply to Suleiman

    MrSuleiman,

    in steps 2 it seems you are exporting Certificate and not Certificate Authority. Send me a PM if you need help.

  • 0

    Admins, Mods, whoever is reading this thread.

    There is a must that you should follow, certificate should have .crt extension and private key should be .key
    I've tried several times to import with no luck, with erros like "Attached certificate authority is invalid. Please choose a valid certificate authority."
    And the resolution was like above, to change extension, maybe a good idea is to add .pem extension to js validation in web form, or whatever is necessary.