on 12-07-2010 1:18 PM
Hi All,
If I recreate the SSL server PSE from the transaction with exactly the same details as before, will that become a new certificate, or will the old PSE get recreated? (I mean, will the CSR be the same or change, since I need to get it certified by VeriSign without any extra cost?)
For the old PSE, when I try to import the CSR, it's returning. I checked with VeriSign tech support and they say everything is fine in both the CSR and the response.
It returns the following error:
"Cannot import certificate response
Message no. TRUST037
Diagnosis
The certificate response could not be imported into the PSE. You either selected an incorrect PSE (the certificate response can only be imported into the PSE from which the certificate request was generated), or the certificate response is incomplete.
Procedure
Check whether you selected the correct PSE to import the certificate response. Then you can import the certificate response in the following formats:
As a PKCS#7 package with complete certificate upward path. The PKCS#7 package must be Base64-coded, and have the header line -----BEGIN CERTIFICATE----- and the footer line -----END CERTIFICATE-----
Individual PEM-coded certificates (that is, Base64-coded with the header line -----BEGIN CERTIFICATE----- and the footer line -----END CERTIFICATE-----)
As a file with multiple PEM-coded certificates. In this case, the system automatically attempts to build a complete certificate upward path; all certificates not required for this are ignored. If certificates are missing (such as, if you are using an intermediate CA), you can extend the certificate response with additional PEM-coded certificates before the import."
In the work process trace file I found the following error:
Fri Dec 3 18:17:04 2010
Ssf_ParseCertificate: SsfCertfromASN1 failed with rc=12 (ASN.1-Len=4084)
Fri Dec 3 18:17:33 2010
GENER starting inline generation: SSO2ADMW (reason: explicit generation).
Fri Dec 3 18:17:40 2010
GENER starting inline generation: SSO2ADMU (reason: already local generations within LUW)
Hello Madhav,
TRUST037 in most cases means that the certificate you are trying to import into the PSE does not match the PSE; more precisely, the public keys in the PSE and in the certificate response are not the same.
Did you change the PSE in some way after creating the certificate request?
In some cases (older support package levels) TRUST037 also refers to the certificate path not being complete. In that case, please proceed as described in note 508307 and, instead of importing the actual certificate response only, please import a combined certificate that contains the CA ROOT certificate as well as all used intermediate certificates, making up the full certificate path (FCPath):
-----BEGIN CERTIFICATE-----
<encrypted part of the actual certificate response>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<encrypted part of the CA ROOT certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<encrypted part of the CA intermediate certificate>
-----END CERTIFICATE-----
There can be more than one intermediate certificate.
The sequence of the certificates should not matter.
I hope this helps you.
Regards,
Blanca
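The key-mismatch cause named in the reply above can be checked outside the system before retrying the import. The following is an added example, not part of the original thread and not SAP code: it compares the SubjectPublicKeyInfo in a PKCS#10 request with the one in a single PEM-coded X.509 certificate. The function names are hypothetical, and a PKCS#7 bundle is rejected rather than unpacked.

```python
import base64, re, sys

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_to_der(text):
    """Decode the first PEM block in text to DER bytes."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(2).split()))

def read_tlv(buf, pos):
    """Decode one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                         # short form: length in one byte
        length = first
    else:                                    # long form: next n bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER: declared length exceeds data")
    return tag, pos, pos + length

def spki(der, is_cert):
    """Return the raw SubjectPublicKeyInfo TLV of a certificate or PKCS#10 request."""
    _, pos, _ = read_tlv(der, 0)             # outer SEQUENCE
    tag, pos, end = read_tlv(der, pos)       # TBSCertificate / CertificationRequestInfo
    if tag != 0x30:
        raise ValueError("not a single X.509 certificate or PKCS#10 request")
    items = []
    while pos < end:
        tag, _, nxt = read_tlv(der, pos)
        items.append((tag, der[pos:nxt]))
        pos = nxt
    if is_cert and items[0][0] == 0xA0:      # skip explicit [0] version (v2/v3 certs)
        items = items[1:]
    # cert: serial, sigAlg, issuer, validity, subject, SPKI; request: version, subject, SPKI
    return items[5 if is_cert else 2][1]

def keys_match(csr_pem, cert_pem):
    """True when the certificate carries the public key the request was generated for."""
    return spki(pem_to_der(csr_pem), False) == spki(pem_to_der(cert_pem), True)

if __name__ == "__main__":                   # usage: script.py request.pem response.pem
    csr, cert = (open(p).read() for p in sys.argv[1:3])
    print("match" if keys_match(csr, cert) else "MISMATCH: response is for another key pair")
```

A `truncated DER` error here points at the other cause in the message text, an incomplete certificate response.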