Former Member

Imported private key has the key chain in the wrong order.

Hi Guys,

We have imported a new private key which has been signed by both an intermediate and root certificate authority. When imported in the Visual Administrator, the Root CA is in CA[1] and the Intermediate CA is in CA[2] (shown below with all sensitive information removed); this is causing the server validating the key to reject the communication.

I've tried loading the key without the CAs, then loading them as per [https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/1413] [original link is broken], but it didn't work.

Could anyone please explain how to reverse the order of CA[1] and CA[2]?

Kind regards,

John

PRIVATE KEY

[ creationDate ]: Wed Jul 16 11:07:14 BST 2008

[ algorithm ]: RSA

[ format ]: PKCS#8

CA[0]:

[ DN ]: O=removed,CN=removed@removed,EMAIL=removed-removed.com

[ issuerDN ]: CN=removed,OU=Private CA,O=Removed,C=IE

[ validNotBefore ]: Tue Jun 17 01:00:00 BST 2008

[ validNotAfter ]: Thu Jun 18 00:59:59 BST 2009

[ signAlgorithm ]: sha1WithRSAEncryption (1.2.840.113549.1.1.5)

[ fingerprint ]: removed

[ subjectKeyIdentifier ]: removed

[ publicKey ]:

[ algorithm ]: RSA

[ format ]: X.509

CA[1]:

[ DN ]: CN=Private CA Name,OU=Private Root CA,O=Private,C=IE

[ issuerDN ]: CN=Private CA Name,OU=Private Root CA,O=Private,C=IE

[ validNotBefore ]: Thu May 31 01:00:00 BST 2007

[ validNotAfter ]: Wed May 31 00:59:59 BST 2017

[ signAlgorithm ]: sha1WithRSAEncryption (1.2.840.113549.1.1.5)

[ fingerprint ]: Removed

[ subjectKeyIdentifier ]: Removed

[ publicKey ]:

[ algorithm ]: RSA

[ format ]: X.509

CA[2]:

[ DN ]: CN=Private CA Name,OU=Private CA,O=Private,C=IE

[ issuerDN ]: CN=Private CA Name,OU=Private Root CA,O=Private,C=IE

[ validNotBefore ]: Thu May 31 01:00:00 BST 2007

[ validNotAfter ]: Thu May 31 00:59:59 BST 2012

[ signAlgorithm ]: sha1WithRSAEncryption (1.2.840.113549.1.1.5)

[ fingerprint ]: removed

[ subjectKeyIdentifier ]: removed

[ publicKey ]:

[ algorithm ]: RSA

[ format ]: X.509


1 Answer

  • Jul 17, 2008 at 10:46 AM

    Instead of loading them using the "Load" button, try importing it using the "Import CSR Response" button.

    Regards,

    Prateek


    • Former Member

      Just realised this is marked unanswered and I had solved the problem.

      Exported the imported key, saving as a PK8. Saved the key, the public cert, then the public certs of the two CAs.

      Each is saved as a separate file so I numbered them 1, 2, 3 & 4.

      Re-imported the key in the sequence 1, 2, 4, 3

      Problem solved.

      John
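
Added example, not part of the thread and not SAP code: a check for the ordering problem discussed above, which reads an entry view in the CA[n] / [ DN ] / [ issuerDN ] layout quoted in the question and works out the order a validating peer expects (end-entity certificate, then intermediate, then root). The sample DNs are constructed, and matching issuer to subject by plain string comparison is an assumption; a real validator checks signatures and key identifiers.

```python
import re

# Constructed sample in the entry-view layout quoted in the question
# (CA[n] blocks with [ DN ] and [ issuerDN ] fields); all names are made up.
SAMPLE = """\
CA[0]:
[ DN ]: CN=client.example,O=Example
[ issuerDN ]: CN=Example Issuing CA,OU=Private CA,O=Example,C=IE
CA[1]:
[ DN ]: CN=Example Root CA,OU=Private Root CA,O=Example,C=IE
[ issuerDN ]: CN=Example Root CA,OU=Private Root CA,O=Example,C=IE
CA[2]:
[ DN ]: CN=Example Issuing CA,OU=Private CA,O=Example,C=IE
[ issuerDN ]: CN=Example Root CA,OU=Private Root CA,O=Example,C=IE
"""
FIELD = re.compile(r"\[\s*(DN|issuerDN)\s*\]:\s*(.+)")

def parse_entries(text):
    """Return [(subject_dn, issuer_dn), ...] in the order the view lists them."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"CA\[\d+\]:", line):
            current = {}
            entries.append(current)
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return [(e["DN"], e["issuerDN"]) for e in entries]

def chain_order(entries):
    """Indices ordered leaf -> intermediate(s) -> root, following issuerDN links."""
    # Assumption: DNs are compared as plain strings, which is enough to spot
    # a misordered chain but is not certificate validation.
    by_subject = {dn: i for i, (dn, _) in enumerate(entries)}
    order, idx = [0], 0          # CA[0] is the end-entity certificate
    while True:
        subject, issuer = entries[idx]
        if issuer == subject:     # self-signed root ends the chain
            return order
        if issuer not in by_subject or by_subject[issuer] in order:
            raise ValueError(f"no issuer certificate for {subject!r}")
        idx = by_subject[issuer]
        order.append(idx)

def is_misordered(entries):
    return chain_order(entries) != list(range(len(entries)))

if __name__ == "__main__":
    print("expected order:", chain_order(parse_entries(SAMPLE)))
```

For the constructed sample the expected order is CA[0], CA[2], CA[1], the same swap of the two CA certificates that the re-import sequence 1, 2, 4, 3 in the last comment performs.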