- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-03-2019 08:57 AM
I've gerenated a CSR to give my enterprise CA. Now, I've recieved the enterprise CA-signed certificate ann imported it onto the firewall.
The status reads "valid". The "Key" box is checked, however the "CA" box isn't.
Also, when I select the certificate, the option for "Forward Trust Certificate" is grayed out.
Did I do something incorectly when generating the CSR?
Or, did the enterprise CA not provide the proper authority?
Is there something I can do to correct this, or do I have to generate another CSR?
09-03-2019 11:30 AM
Hello there.
The enterprise CA is the issue.
It needs to sign the CSR, but also allow that new cert to have subordinate or intermediate certication authority.
then, when the new cert is imported, it will have the correct CA flag to do your decryption.
If it is a windows machine that is the DC/Cert Authority, choose option to submit an advanced certificate request, and then confirm that "subordinate certifcation authority is chosen" is chosen.
Let us know if this answers your questions.
09-03-2019 11:30 AM
Hello there.
The enterprise CA is the issue.
It needs to sign the CSR, but also allow that new cert to have subordinate or intermediate certication authority.
then, when the new cert is imported, it will have the correct CA flag to do your decryption.
If it is a windows machine that is the DC/Cert Authority, choose option to submit an advanced certificate request, and then confirm that "subordinate certifcation authority is chosen" is chosen.
Let us know if this answers your questions.
12-23-2021 03:54 AM
Hey, finally how to fix the issue?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!