IBM Support

When Certificate Import Fails, Issuer Not in the Store

Troubleshooting


Problem

When importing a Certificate Authority or Server/Client certificate, the following error displays: "An error occurred during certificate validation. The issuer of the certificate may not be in the certificate store or the issuer may not be enabled." This document explains how to extract the CA certificate.

Resolving The Problem


This error indicates that the Root and/or Intermediate CA certificate is not in the store and needs to be imported. If the CA certificates are from well-known CAs, you can follow this procedure to extract the certificate to be imported on the i5.

1. Open the certificate file on your PC. (If the file came as a .txt text file, you must rename the extension to .cer, right-click the file, and left-click OPEN.)

Certificate General tab

2. Select the Certification Path tab. This will show the CA certificates in the certification path. The bottom level certificate is the current certificate you are viewing.

Certificate Certification Path tab

3. Left click to highlight the first (top) CA certificate in the list. Left click the View Certificate button, which should open a new certificate window. Left click the Details tab in the new certificate window.

Details tab on new CA

4. Left click the Copy to File... button. This will initiate an export wizard to copy the CA to a file on your PC. On the first screen, click Next. Click the bullet to select Base-64 encoded X.509 (.CER) and click Next.

Certificate Export Wizard showing Base 64

5. Click Browse on the File to Export screen, select a location on your PC where the file will be saved, assign a name for the file, and click Next.

Certificate Export Wizard, file name

6. Click Finish. The CA certificate should now be on your PC, ready to be moved to the IFS on the System i and imported into DCM.

7. Follow these same steps for any additional CA certificates in the certification path from the original certificate window, and import these CAs (top-level CA first) into DCM. For instructions on importing a CA certificate, refer to the document How to Import a CA Certificate into Digital Certificate Manager (database 'DCF Technotes (IBM i)', view 'Products').

Certificate Export Wizard final screen.
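A scripted equivalent of steps 1 through 7, as an added example that is not part of the original IBM document: it builds the certification path on the PC with the .NET X509Chain class and writes each CA certificate as a Base-64 encoded X.509 file, top-level CA first. The parameter names and the output file names are assumptions.

```powershell
# Added example, not IBM's code. Parameter and output file names are assumptions.
param(
    [Parameter(Mandatory)] [string] $CertPath,  # the server/client certificate (.cer)
    [string] $OutDir = '.'                      # folder that receives the CA files
)

$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (Resolve-Path $CertPath).Path
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # only the path is needed here
[void]$chain.Build($cert)   # result ignored: the path is listed even if validation fails

# ChainElements[0] is the certificate itself; the last element is the top of the path.
$elements = @($chain.ChainElements)
if ($elements.Count -lt 2) {
    Write-Warning "The path contains only this certificate; there is no CA certificate to export."
    return
}

# Keep the CA certificates only and reverse them so the top-level CA comes first,
# which is the order in which they are imported into DCM.
$cas = @($elements[1..($elements.Count - 1)])
[array]::Reverse($cas)

# Heuristic: a root CA is self-signed, so its subject equals its issuer.
# If the top element is not self-signed, the PC could not find the rest of the path.
$top = $cas[0].Certificate
if ($top.Subject -ne $top.Issuer) {
    Write-Warning "Path is incomplete: issuer '$($top.Issuer)' was not found on this PC."
}

$order = 0
foreach ($element in $cas) {
    $ca = $element.Certificate
    $order++
    # Base-64 body wrapped at 64 columns, the conventional PEM line length.
    $lines = [Convert]::ToBase64String($ca.RawData) -split '(.{64})' -ne ''
    $file  = Join-Path $OutDir ('ca-{0:d2}.cer' -f $order)
    Set-Content -Path $file -Encoding ascii -Value (@('-----BEGIN CERTIFICATE-----') + $lines + '-----END CERTIFICATE-----')
    [pscustomobject]@{
        ImportOrder = $order
        Subject     = $ca.Subject
        Issuer      = $ca.Issuer
        Thumbprint  = $ca.Thumbprint
        File        = $file
    }
}
```

The path is built from what the PC's own certificate stores contain, so compare each listed thumbprint with the value the CA publishes before importing the file into DCM.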


Historical Number

591600587

Document Information

Modified date:
18 December 2019

UID

nas8N1011678