How many levels of Sub-CA chaining are supported in Sentry CA 3.x?
Originally Published: 2001-07-24
Article Number
Applies To
TechNote 0131
Issue
Have the Sub-CA chaining more than 11 levels.
When starting Sentry CA services, the following error message appears:
The secure directory server does not appear to be reachable. Remember that you must start it before attempting to start the Web server. You will be unable to make client-authenticated connections to this server until you restart it with a running directory server.
test.xxxxx.com: error setting default verify locations:
[unable to contact directory server]
Cause
Resolution
For Netscape browsers to correctly follow this chain, all intermediate CAs must have the appropriate netscape_cert_type extension for the given protocol. So for SSL, intermediate CAs MUST have bit 5 (SSL CA) asserted (similarly, for S/MIME, intermediate CAs would need bit 6 - S/MIME CA - asserted). The Root CA does not need this assertion.
Related Articles
'The search returned too many results. The maximum allowed result set size is 200' Number of Views IIS Hangs on Restart with Many Application Pools Number of Views How many incorrect password entries are permitted before being locked out of a Luna token? Number of Views FIM 'Unable to process the AuthnRequest message' in RSA Federated Identity Manager Number of Views Many defunct processes (from AceClient v8.1 in radius) when running ps auxf Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
