Skip to Content
author's profile photo Former Member
Former Member

Digital signature and a private PKI

Hi dears,

We are here using digital signature with external smartcards, and the certificates stored on the smartcard were signed by an external vendor that is not anymore on the business. As we need new certificates because the old ones are getting expired we are trying now to sign the certificates with our private PKI.

The problem is that even after checking all that came to my mind regarding STRUST, the trust centers, and SSF it is still not working. When we try to sign any document it shows this message:

I have imported the CA certificate to the system pse using STRUST, and checked the digital signature logs, but I cannot find why it is not working, I assume that it is because the system does not see the certificate stored on the smartcards as a valid signed certificate, but I don't know why, as it was signed by the PKI CA, and the public certificate of the CA was imported to the system PSE.

Anyone that knows what else can I check?

ERROR.png (4.0 kB)
Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Dec 08, 2014 at 01:14 PM

    Hi dears, we managed to solve the issue. The problem resided on the PKI configuration, one of the intermediate certification authorities was not authorized to sign other certificates, and the problem was that this intermediate CA was the one signing the certificates for our tokens.

    A new certificate with extended features was created for the intermediate CA and new certificates were generated for our tokens.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Nov 14, 2014 at 02:08 PM

    Hello

    You can check if there are any intermediate CAs. If that is the case, you need to upload root CA of intermediate CAs also.

    Cheers,

    Tapan

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.