Certificate Chain Cannot Be Validated When Importing Signed Certificate

Created On 04/30/19 05:24 AM - Last Modified 04/30/19 17:31 PM


Symptom
Importing the public certificate fails with the error "Certificate chain cannot be validated. Required CAs not found."

Environment
Certificate Signing Request (CSR) generated on the firewall and sent to a public certificate authority.
The Certificate Authority (CA) is not listed in the Default Trusted Certificate Authorities.
All Root CA and Intermediate Root CA certificates are imported to the firewall under Device Certificates (complete certificate chain).


Cause
Check the Name column under Device > Certificate Management > Certificates > Device Certificates for any of the following:
- Root CA certificate name contains spaces, and/or
- Intermediate Root CA certificate name contains spaces


Resolution
NOTE: Ensure that the original certificate files (Root CA and Intermediate Root CA) exist on the client machine, or export them from the firewall before deleting them.

– Delete the Root CA and Intermediate Root CA certificates that have spaces in their names.
– Re-import the certificates in the correct sequence (Root CA > Intermediate Root CA), and use hyphens or underscores to replace spaces.
– Complete the certificate request process by importing the public certificate (ensure the certificate name is correct).
– Verify that the certificates form a certificate chain under Device > Certificate Management > Certificates > Device Certificates.
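
The renaming and import sequence above can be planned offline before touching the firewall. The following is an added example, not Palo Alto Networks code and not a model of the firewall's own validation: it takes a constructed inventory of certificate name, subject and issuer, proposes space-free names, orders the import Root CA > Intermediate Root CA > signed certificate, and lists any issuer that is absent from the set. The function names (safe_name, plan_import) and all sample values are hypothetical.

```python
# Added example: pre-import planning for a CA chain. The inventory below is
# constructed sample data; names, subjects and issuers are hypothetical.
import re

def safe_name(name):
    """Replace runs of whitespace with a hyphen, as the resolution recommends."""
    return re.sub(r"\s+", "-", name.strip())

def plan_import(certs):
    """Return (ordered, renames, missing).

    ordered  -- certificates sorted issuer-first (Root CA > Intermediate > leaf)
    renames  -- {old name: new name} for names that contain spaces
    missing  -- issuer subjects that no certificate in the set provides
    """
    by_subject = {c["subject"]: c for c in certs}
    renames = {c["name"]: safe_name(c["name"]) for c in certs if " " in c["name"]}
    missing = sorted({c["issuer"] for c in certs if c["issuer"] not in by_subject})

    def depth(cert, seen=()):
        # Distance from a self-signed root; stops at a gap or a loop.
        if cert["issuer"] == cert["subject"]:
            return 0
        parent = by_subject.get(cert["issuer"])
        if parent is None or cert["subject"] in seen:
            return 1
        return 1 + depth(parent, seen + (cert["subject"],))

    ordered = sorted(certs, key=depth)
    return ordered, renames, missing

# Constructed inventory, listed deliberately out of order.
SAMPLE = [
    {"name": "vpn-portal", "subject": "CN=vpn.example.com", "issuer": "CN=Example Issuing CA"},
    {"name": "Example Issuing CA", "subject": "CN=Example Issuing CA", "issuer": "CN=Example Root CA"},
    {"name": "Example Root CA", "subject": "CN=Example Root CA", "issuer": "CN=Example Root CA"},
]

if __name__ == "__main__":
    ordered, renames, missing = plan_import(SAMPLE)
    for step, cert in enumerate(ordered, 1):
        print(step, renames.get(cert["name"], cert["name"]))
    print("missing issuers:", missing or "none")
```

A non-empty missing list means the set being imported does not contain the complete chain, which is the condition listed under Environment.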
 

