When importing a Certificate Authority or Server/Client certificate the following error displays - "An error occurred during certificate validation. The issuer of the certificate may not be in the certificate store or the issuer may not be enabled." This document explains how to extract the CA certificate.
Resolving The Problem
When importing a Certificate Authority or Server/Client certificate the following error displays - An error occurred during certificate validation. The issuer of the certificate may not be in the certificate store or the issuer may not be enabled.
This error indicates that the Root and or Intermediate CA certificate is not in the store and needs to be imported. If the CA certificates are well known CAs, you can follow this procedure on extracting the certificate to be imported on the i5.
1. Open the certificate file on your PC (If the file came as a .txt text file, you must rename the extension to .cer, right click the file, and left click OPEN.):
2. Select the Certification Path tab. This will show the CA certificates in the certification path. The bottom level certificate is the current certificate you are viewing.
3. Left click to highlight the first (top) CA certificate in the list. Left click the View Certificate button, which should open a new certificate window. Left click the Details tab in the new certificate window.
4. Left click the Copy to File... button. This will initiate an export wizard to copy the CA to a file on your PC. On the first screen, click Next. Click the bullet to select Base-64 encoded X.509 (.CER) and click Next.
5. Click Browse on the File to Export screen, select a location on your PC where the file will be saved, assign a name for the file, and click Next.
6. Click Finish. The CA certificate should now be on your PC, ready to be moved to the IFS on the System i and imported into DCM.
7. Follow these same steps for any additional CA certificates in the certification path from the original certificate window and import these CA's (top level CA first) into DCM. For instructions on importing a CA certificate, you should refer to document New, How to Import a CA Certificate into Digital Certificate Manager: .
18 December 2019