DCE SSL certificate

Mohamed_Fahmy · ‎2020-08-31

Dears,

In a project the customer prepare SSL certificate when we tried to add it it give us that the DCE does not support Chained certificates so we found a workaround on SE website as link below

https://www.apc.com/us/en/faqs/FA225532/

we followed the steps but we an error on step number 6 as photo below

We tried to add it as *.pem file and as a text but we got the same error that the SSL certificate is invaled.

and the same problem with the NetBotz 450 as the screenshot below

Thanks,

Mohamed

Cory_McDonald · ‎2020-09-11

@Mohamed_Fahmy,

When adding into the trust store you do not need the private key of that certificate. Private keys for the root and intermediary certs should never be imported into any other system for security reasons. You must use the CSR method from DCE to generate the certificate signing request and then get it signed by the CA. There is no way to generate your own cert/private key combo and import them into DCE. After getting the CSR signed, you should be provided with 1 or multiple files that contain the signed server certificate, intermediary certs (if applicable) and the root CA cert.

You should be importing the root cert and intermediary cert ONE at a time, repeating the process for each additional certificate:

-----BEGIN CERTIFICATE-----

....

-----END CERTIFICATE-----

Do not add the server certificate into the Server SSL Certificates section, as that needs to be added after the root and intermediary certs are added. This is done within the desktop client under: System > Server Administration Settings > Web Server > Modify Certificate > Add Certificate. You can then paste in the certificate and add it:

-----BEGIN CERTIFICATE-----

....

-----END CERTIFICATE-----

Regards,

Cory

See Answer In Context

Cory_McDonald · ‎2020-09-11

@Mohamed_Fahmy,

When adding into the trust store you do not need the private key of that certificate. Private keys for the root and intermediary certs should never be imported into any other system for security reasons. You must use the CSR method from DCE to generate the certificate signing request and then get it signed by the CA. There is no way to generate your own cert/private key combo and import them into DCE. After getting the CSR signed, you should be provided with 1 or multiple files that contain the signed server certificate, intermediary certs (if applicable) and the root CA cert.

You should be importing the root cert and intermediary cert ONE at a time, repeating the process for each additional certificate:

-----BEGIN CERTIFICATE-----

....

-----END CERTIFICATE-----

Do not add the server certificate into the Server SSL Certificates section, as that needs to be added after the root and intermediary certs are added. This is done within the desktop client under: System > Server Administration Settings > Web Server > Modify Certificate > Add Certificate. You can then paste in the certificate and add it:

-----BEGIN CERTIFICATE-----

....

-----END CERTIFICATE-----

Regards,

Cory