Error: "Cannot build a trusted certificate chain for the certificate. Please make sure that you have added all the necessary CA certificates."

book

Article ID: 155724

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

You are attemtping to import a device authentication certificate into Symantec Messaging Gateway and are receiving the error specified above.

You open the device certificate on a Windows machine to check validity, and the certification path back to the root certificate appears to be complete.

 

"Cannot build a trusted certificate chain for the certificate. Please make sure that you have added all the necessary CA certificates."

Cause

The fact that Windows reports a complete certificate chain is misleading. Windows has the ability to automatically download and install missing intermediate certificates.

Resolution

If the list of CA certificates for the CA who has issued your device certificate in SMG does not match those listed in Windows Trusted CA Store, you can do the following:

  1. Export the missing intermediate certificates from Windows in cer format.
  2. Convert to pem format. You can achieve this by simply changing the file extension to .pem.
  3. Import missing intermediate certificates into SMG.

 

 


Applies To

You have renewed your device authentication cerificate and a new certificate has been issued by your Certification Authority (CA).