SSL Partner Center: Error – Reached the maximum allowed domain count (0) during a reissue.

In the SSL Partner Center client may get the following Error message: Reached the maximum allowed Domain count (0) Causes: This warning message is caused by the following reasons. You are trying to perform a reissue on an SSL Product that does not allow for extra SANs to be added. The CSR you are submitting has SANs within it. You are adding more than the allowed SANS for this certificate product. Resolutions: Here are the possible resolutions to go around this issue.  Generate a new CSR with no SANS within it. Acmetek systems only care about the main common name of the CSR matching up to the main common name (domain name) for the order during reissues. If the initial […]

Read More

Troubleshooting: Apache – AH02238: Unable to configure RSA server private key

When restarting Apache, the following error message may appear: Error: AH02238: Unable to configure RSA server private key Cause: This error occurs when the incorrect private key (.key) and or public key (.crt/.pem – SSL Certificate) files are selected in the configuration file (https. conf or ssl.conf) Solution: You must use the same private key that was used for CSR generation when you enrolled for your SSL Certificate. Your SSL Certificate is derived from that same private key and will only work for with that single private key. To resolve this issue, specify the correct private key for the certificate. To verify that the certificate and private key math, open the httpd.conf or ssl.conf file in a plain text editor. […]

Read More

Troubleshooting: Apache – SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

When restarting Apache, the following error message may appear: [error] mod_ssl: Init: (www.symantec.com:443) Unable to configure RSA server private key (OpenSSL library error follows) SSL Library Error: 185073780 error:0B080074:x509 certificate routines: X509_check_private_key: key values mismatch OpenSSL:error:0B080074:x509 certificate routines:x509_check_private_key:key values mismatch Cause: This error occurs when the incorrect private key (.key) and or publick key (.crt/.pem – SSL Certificate) files are selected in the configuration file (https. conf or ssl.conf) Solution: You must use the same private key that was used for CSR generation when you enrolled for your SSL Certificate. Your SSL Certificate is derived from that same private key and will only work for with that single private key. To resolve this issue, specify the correct private key for […]

Read More

SSL Partner Center: Error – The Certificate Signing Request field allows a maximum of 4000 characters.

In the SSL Partner Center client may get the following Warning message: The Certificate Signing Request field allows a maximum of 4000 characters. You have exceeded the limit. Causes: This warning message is caused by the following reasons. When generating the CSR on a Windows IIS or Exchange system using the Renew.. feature that IIS and Exchange provides causes a glitch  and creates an abnormally long and corrupted CSR that exceeds 4000 characters. The CSR itself was generated with many SAN. This will cause the CSR to be abnormally long reaching the character limit. Resolutions: Resolution will vary depending on its cause. If the CSR was created using the Renew.. feature on a Windows IIS or Exchange system the client […]

Read More

SSL Partner Center: Error – CSR does not contain a wildcard domain as expected.

In the SSL Partner Center client may get the following Warning message: CSR does not contain a wildcard domain as expected. Causes: This warning message is caused by the following reasons. This error is caused when enrolling for a Wildcard SSL certificate product and the CSR that is being submitted within the enrollment Wizard does not have the Wildcard * attribute in the Common Name of the CSR. Resolutions: Resolution will vary depending on its cause. Double check the common name of the CSR with an SSL Certificate CSR checker. Generate a new CSR with a wildcard within the Common Name to enroll for a Wildcard  certificate product. Example: *.acmetek.com If you need a standard SSL certificate for the wildcard […]

Read More

SSL Partner Center: Error – Please use the corresponding Wildcard ordering form to request a Wildcard certificate.

In the SSL Partner Center client may get the following Error message: Please use the corresponding Wildcard ordering form to request a Wildcard certificate. Causes: This warning message is caused by the following reasons. This error is cause when the CSR the client is submitting contains a wildcard within its Common Name. Example: *.acmetek.com, and the product that the client is enrolling in is Not a wildcard product. Resolutions: Double check the common name of the CSR with an SSL Certificate CSR checker. Generate a new CSR without a wildcard within the Common Name to enroll for a standard/SAN certificate. Example: www.acmetek.com If you need a wildcard SSL certificate for the wildcard CSR you are using please contact your account […]

Read More

Troubleshooting: SSL Certificate Browser Errors

Troubleshooting SSL Certificate Web Browser Errors can vary depending on its cause. The following warnings are presented by web browsers when you access a site that has a security certificate installed (for SSL/TLS data encryption) that cannot be verified by the browser. Typically this is from a self signed certificate created by a server system for default encryption. Examples Microsoft Edge: “This site is not secure. This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.”   Internet Explorer: “The security certificate presented by this website was not issued by a trusted certificate authority.” Firefox: “The owner of selfsigned.websecurity.symantec.com has configured their website improperly. To protect […]

Read More

Troubleshooting: Error: “java.lang.Exception: Input not an X.509 certificate.”

This Article consists of advanced troubleshooting to a very problematic issue that comes up with versions of Keytool when installing an SSL certificate. There can be numerous causes for this issue. By all normal means when following SSL Installation Instructions for Tomcat using pkcs7 or SSL Installation Instructions for Tomcat using x.509 the user should have a smooth installation, but user may receive the following error message. Issue: During installation of an SSL Certificate on a Tomcat/jBoss system you may get the following error using keytool: Error: “java.lang.Exception: Input not an X.509 certificate.” Causes: The cause of this error can happen for any of the following reasons. Your version of Tomcat keytool will not accept a pkcs7/.p7b format certificate. The certificate that you are […]

Read More

Troubleshooting: SAP Incomplete FCPath, need certificate of CA, Certificate chain error

During installation of an SSL Certificate on a SAP system you may get the following error: “Incomplete FCPath, need certificate of CA” (CN=VeriSign Class 3 Public Primary Certification Authority – G5, OU=”(c) 2006 VeriSign, Inc. – For authorized use only”, OU=VeriSign Trust Network, O=”VeriSign, Inc.”, C=US) “import_own_cert: Installation of certificate failed” Causes: Why this error can happen is for the following reasons: SAP systems want to see an the entire SSL Certificate Chain during installation of your SSL Certificate. You are not installing a PKCS7 (.p7b) format certificate. Resolutions: If you receive this error when you are installing an SSL Certificate from any CA you must have a complete Master pkcs#7 format certificate that includes the following.. SSL Certificate Intermediate CA *Root […]

Read More

Troubleshooting: “Cannot find the certificate request that is associated with this certificate file.”

In Windows IIS, and Exchange systems you may receive the following error message when attempting the installation of a digital certificate. “The pending certificate request for this response file was not found. This request may be canceled. You cannot install selected response certificate using this Wizard.” Or “Cannot Find the certificate request that is associated with this certificate file. A certificate request must be completed on the computer where the request was created.” This error message occurs due to one or a combination of the following: Its a glitch that can happen from time to time on IIS server 2008 series. The certificate file is formatted incorrectly or the wrong extension file is being used for the installation. The CSR for this certificate […]

Read More