• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hello Mike,

 

I created an CSR and the only option that gave me for rsa key was 2048.

Now I got a certificate (again with a 2048 length key) from a local certificate in the organization but I received only one cer file which does not includes the root certificate.

Is this ok?

 

I am asking because you mentioned this

 


@MikeB39 wrote:

if you are getting your host certificate from a local CA within your domain you will most likely not have any intermediate CA certificates.


 

HP Recommended

If you weren't issued a CA cert along with the CMA host cert then you will have a problem. If you try to install the host cert the CMA will complain about not being able to validate the issuer. The normal procedure is to install the CA cert first and then the host cert. 

 

Since we are talking about a local domain certificate you probably have the root CA cert installed on your PC. First you would have to look at the host certificate that was issued to you and find the Issuer field. Then in your PC local certificate store go through the Trusted Root Certificate Authorities list and find the cert that matches the Issuer. Right click on that and export it as a Base-64 encoded X.509 file. Upload that .cer file to the CMA then upload the CMA host certificate you were given.

 

 

HP Recommended

Hello Mike,

 

Your help is tremendous. Thank you very much.

One last note, if for some reason there is an intermediate CA (or more), the procedure is

1) upload the root certificate

2) upload any intermediate certificates

3) upload host certificate

 

Thank you very much again.

HP Recommended

That's the order I do them, yes.

 

 

HP Recommended

After these steps, there is no access to the local user database. Mistake @0@ ???

HP Recommended
Hi Mike, when I upload the root-certificate (local domain), I am getting the message that the certificate is invalid and it must be valid before the CMA will be restarted. This is because the certificate has an incomplete trust chain and the certificate has no associated CRL. But the uploaded certificate is recognized as "Trusted root CA". Can I ignore the message? My next steps are to restart the CMA, upload the host-certificate and restart the CMA again. Am I on the right way? Thank you for your help! Markus
HP Recommended

"Hi Mike, when I upload the root-certificate (local domain), I am getting the message that the certificate is invalid and it must be valid before the CMA will be restarted. This is because the certificate has an incomplete trust chain and the certificate has no associated CRL. But the uploaded certificate is recognized as "Trusted root CA". Can I ignore the message? My next steps are to restart the CMA, upload the host-certificate and restart the CMA again. Am I on the right way? Thank you for your help! Markus"

 

After these actions and reboot, the local user base disappeared. But at the same time authorization works (from somewhere he knows about the users who were in the database)

HP Recommended
Hi ELetyagin, have you also got the message concerning the incomplete trust chain and the not associated CRL? And have you also restarted your CMA between the imports of the root-certificate and the host-certificate? I am not sure... Thank you for sharing your experiences with me!
HP Recommended

Yes!

HP Recommended

Hello Mike,

 

I have the same problem as the rest of the people.

 

I have uploaded a single file containing the root certificate and the intermediate.

The system requested for a reboot and I have rebooted the unit.

 

When the system returned online, I got a message saying "The certificate has an incomplete trust chaing".

 

If I install the root and intermediate certificate in my windows pc, the final certificates turns up fine trusted as it should so I don't think there is a problem with the certs.

 

Also I lost the user database I get the same message @0@, even if I add a user, the new user is not visible.

 

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.