ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Error: Certificate is not a valid CA certificate in SSL Visibility Appliance
Article ID: 168457
SSL Visibility Appliance Software
You are trying to upload a public and private keypair, or complete the upload of a CSR that was created by the SSL Visibility Appliance and signed by a CA for use as a Resigning Certificate Authority, and encounter this error.
The certificate was not created as an intermediate Certificate Authority.
View the certificate so that you can review the details. If necessary, change the .pem extension to .cer, which Windows will recognize as a certificate, so you can open the file in Windows, and view or interact with the certificate.
View the Details tab, and ensure that there is a section called Basic Constraints, with a value of CA=True.