cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Digital signature and a private PKI

Go to solution
Former Member

on ‎11-14-2014 9:00 AM

0 Kudos

Hi dears,

We are here using digital signature with external smartcards, and the certificates stored on the smartcard were signed by an external vendor that is not anymore on the business. As we need new certificates because the old ones are getting expired we are trying now to sign the certificates with our private PKI.

The problem is that even after checking all that came to my mind regarding STRUST, the trust centers, and SSF it is still not working. When we try to sign any document it shows this message:

I have imported the CA certificate to the system pse using STRUST, and checked the digital signature logs, but I cannot find why it is not working, I assume that it is because the system does not see the certificate stored on the smartcards as a valid signed certificate, but I don't know why, as it was signed by the PKI CA, and the public certificate of the CA was imported to the system PSE.

Anyone that knows what else can I check?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-08-2014 1:14 PM
0 Kudos

Hi dears, we managed to solve the issue. The problem resided on the PKI configuration, one of the intermediate certification authorities was not authorized to sign other certificates, and the problem was that this intermediate CA was the one signing the certificates for our tokens.

A new certificate with extended features was created for the intermediate CA and new certificates were generated for our tokens.

Show replies
Show replies
Former Member
‎12-08-2014 1:17 PM
0 Kudos

Hello Diego

That's a great news!!

We were on right track. Anyways, you can set the thread on "Answered" status.

Cheers,

Tapan

Answers (1)

Answers (1)

Former Member
‎11-14-2014 2:08 PM
0 Kudos

Hello

You can check if there are any intermediate CAs. If that is the case, you need to upload root CA of intermediate CAs also.

Cheers,

Tapan

Show replies
Show replies
Former Member
‎11-14-2014 2:11 PM
0 Kudos

Yes, actually the CA is an intermediate CA, then I should upload all the certificates upto the root CA?

Former Member
‎11-14-2014 2:28 PM
0 Kudos

I tried now uplaoding all the certificates from the intermediate to the root CA certificates, but still the same issue.

Former Member
‎11-14-2014 2:28 PM
0 Kudos

Hello

Yes. You need to upload root certificate of Root CA and all Intermediate CAs.

Cheers,

Tapan

Former Member
‎11-14-2014 2:49 PM
0 Kudos

I tried, but still not working, I'm thinking, could it be that I should configure somewhere else which certificate or PSE is the one being read? Or that the PSE certificate should be signed by the PKI too?

Former Member
‎11-14-2014 3:08 PM
0 Kudos

Hello

Can you provide the entire certificate chain here from server certificate to root certificate?

Cheers,

Tapan

Ask a Question