Register

Forgot Password

Site FAQ

Home > IT Answers > Security > Validation error importing a digital certificate using DCM

Rhoover

40 pts.

Validation error importing a digital certificate using DCM

Digital certificates, iSeries DCM, issuer

While importing a CA digital certificate into the *SYSTEM store using DCM, we received the following error: "An error occurred during certificate validation. The issuer of the certificate may not be in the certificate store or the issuer may not be enabled." How do we add an issuer to the certificate store?

Software/Hardware used:
iSeries DCM

ASKED: October 7, 2009 4:09 PM

UPDATED: October 9, 2009 6:52 PM

RELATED QUESTIONS

Answer Wiki:

Login to the DCM Select a Certificate Store (default is *SYSTEM) Enter password and continue On the left drop down menu, click on Fast Path Select Work with CA certificates This will display all the current CA (Certificate Authority) and their status. You will see entries like VeriSign, RSA, etc. If the one you are using is listed, change the status to ENABLED by clicking on Enable. If it is not listed, click on Import at the bottom and add the new issuer (Digicert for example)

Last Wiki Answer Submitted: October 7, 2009 11:01 pm by Whatis23

5,665 pts.

All Answer Wiki Contributors: Whatis23

5,665 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Oct 8, 2009 2:36 PM (GMT)

Thanks for the help but that did not solve it. The certificate we are trying to add (Akamai) says it was issued by GTE, which is in the CA store and enabled. Yet we get the same error indicating the issuer is not in the store. I suspect the certificate is somehow corrupted or the GTE CA certificate is not the correct one. Strangely, this GTE CA certificate, which on the website (UPS) we retrieved it from indicated it was issued by GTE, now after importing it into the DCM indicates it was issued by VeriSign. Thanks again – RHoover

Rhoover

40 pts.

POSTED: Oct 9, 2009 6:41 PM (GMT)

Is VeriSign enabled as well in the DCM?
If it is, then then there is a mismatch in the cert.
Double click on the 3 security certs you received to open.
If you’re asked which app to use to open, select Crypto Shell Extensions
Clcik on the Certification Patch tab.
This is where you will see the mismatch names you mentioned.
There is a way to correct it from here but i do not recall how but IBM SERV walked me thru it.

Whatis23

5,665 pts.

POSTED: Oct 9, 2009 6:52 PM (GMT)

Thanks again Whatis23. We found the problem was the method used to export the certs from the web site. It was a multi-path cert and we had to view each individual cert before we clicked the COPY button. Once we did that the certs imported without error and display the correct issuer. Thanks again for the help. – RHoover

Rhoover

40 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags