Error: "The certificate file is not valid." when importing a SMS provider certificate AM8.1 - error importing certificate
2 years ago
Originally Published: 2014-12-11
Article Number
000049910
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
Platform: VMware
Platform (Other): null
O/S Version: ESXi 5.0
Product Name: RSA-0010810
Product Description: RSA-0010810
Issue
Error: "The certificate file is not valid."  when importing a SMS provider's certificate
Cause
Incomplete certificate, does not include a valid trusted root. 
incorrect certificate format.  
Resolution
The SMS vendor's  Server certificate will need to be modified on a Windows Vista or newer system. Make sure the Windows system has the latest Microsoft Trusted root certificate list, AND is able to reach the Internet to provision certificates.
Verify the SMS server certificate includes a full path to a trusted root certificate, if it does not, the customer needs to contact the SMS vendor to get all of the certificates in the certification path, as separate files. Install and trust the root into the Windows Trusted root Authority, and also install and trust any intermediate certificates.  
Verify the server certificate now shows a full certification path in Windows.  

Verify the root certificate can be imported into the Security Console; this is not the actual certificate that is needed, but being able to import it successfully is necessary.

Open the SMS Vendor's Server certificate, under the Details tab select "Copy to File..." .
Choose the format:
Base-64 encoded x.509
and save the modified certificate.  Import the modified certificate through the Security Console. 
Notes
This has been seen frequently when Clickatell has replaced certificates with ones that use a different (usually stronger) trusted root certificate. 

Related Articles

Trending Articles

Don't see what you're looking for?