Validation error importing a digital certificate using DCM

40 pts.
Digital certificates
While importing a CA digital certificate into the *SYSTEM store using DCM, we received the following error: "An error occurred during certificate validation. The issuer of the certificate may not be in the certificate store or the issuer may not be enabled." How do we add an issuer to the certificate store?

Software/Hardware used:
iSeries DCM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Login to the DCM
Select a Certificate Store (default is *SYSTEM)
Enter password and continue
On the left drop down menu, click on Fast Path
Select Work with CA certificates
This will display all the current CA (Certificate Authority) and their status. You will see entries like VeriSign, RSA, etc. If the one you are using is listed, change the status to ENABLED by clicking on Enable.

If it is not listed, click on Import at the bottom and add the new issuer (Digicert for example)

Discuss This Question: 3  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Rhoover
    Thanks for the help but that did not solve it. The certificate we are trying to add (Akamai) says it was issued by GTE, which is in the CA store and enabled. Yet we get the same error indicating the issuer is not in the store. I suspect the certificate is somehow corrupted or the GTE CA certificate is not the correct one. Strangely, this GTE CA certificate, which on the website (UPS) we retrieved it from indicated it was issued by GTE, now after importing it into the DCM indicates it was issued by VeriSign. Thanks again - RHoover
    40 pointsBadges:
  • Whatis23
    Is VeriSign enabled as well in the DCM? If it is, then then there is a mismatch in the cert. Double click on the 3 security certs you received to open. If you're asked which app to use to open, select Crypto Shell Extensions Clcik on the Certification Patch tab. This is where you will see the mismatch names you mentioned. There is a way to correct it from here but i do not recall how but IBM SERV walked me thru it.
    5,665 pointsBadges:
  • Rhoover
    Thanks again Whatis23. We found the problem was the method used to export the certs from the web site. It was a multi-path cert and we had to view each individual cert before we clicked the COPY button. Once we did that the certs imported without error and display the correct issuer. Thanks again for the help. - RHoover
    40 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: