Problem
The following message occurs:
"Store Certificate error - Failed to store the public key certificate into object - Server Certificate name. Returned error code is -1,227. A link with the certificate chain in a server certificate object (also known as the key material object) is missing or invalid."
Cause
It occurs when one of these two conditions is true:
- Root and Intermediate CAs are missing part of the SSL certificate chain file
- X.509 certificate file format is installed on Novell Console One
Resolution
On Novell Console One, run the following steps.
Step 1: Download Root and Intermediate CA Certificate.
To download the Root and Intermediate CA Certificates, click /ROOTS|here
Note: The Root and Intermediate CA certificates must be locally saved on a computer. These certificate files will require a manual installation using Microsoft Internet Explorer browser.
Step 2: Install your CA certificate using Microsoft Internet Explorer browser
1. Open IE
2. Click Tools, Internet Options and Content tab
3. Click Certificates
4. Choose Trusted Root Certification Authorities tab
5. Click Import then the Certificate Import Wizard appears
6. Select Next
7. Click Browse, locate the CA certificate saved on computer (Refer to Step 1: Download the Root and Intermediate CA Certificates above) and Click Open
8. Choose Next
9. Tick the option Place all certificates in the following store: Trusted Root Certification Authorities
10. Click Next then Finish
Step 3: Install Intermediate CA certificates using Microsoft Internet Explorer
1. Open Internet Explorer
2. Click Tools then Internet Options and Content tab
3. Click Certificates
4. Select Intermediate Certification Authorities tab
5. Click Import, the Certificate Import Wizard will appear
6. Select Next
7. Click Browse, then locate the Primary Intermediate CA certificate (e.g. GeoTrust) saved on computer (performed on Step 1: Download the Root and Intermediate CA Certificates above) and Click Open
8. Click Next
9. Choose the option Place all certificates in the following store: Intermediate Certification Authorities
10. Click Next then Finish
11. Repeat step 5-9 to install the Secondary Intermediate CA certificate.
Step 4: Install SSL certificate using Microsoft Internet Explorer
1. Download and save a X.509 certificate file on computer.
2. Open Internet Explorer
3. Click Tools, then Internet Options and Content tab
4. Click Certificates
5. Choose Other People tab
6. Click Import, the Certificate Import Wizard appears
7. Click Next
8. Click Browse, locate the SSL certificate saved on computer, then click Open
9. Select Next
10. Select the option Place all certificates in the following store: Other People
1. Click Next and then Finish
Step 5: Export a PKCS #7 certificate format using Microsoft Internet Explorer
1. Open Internet Explorer
2. Click Tools, Internet Options and Content tab
3. Click Certificates
4. Choose Other People tab
5. Select the SSL certificate, Export and Next
6. Select Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B) and manually check the option box for "Include all certificates in the certification path if possible"
7. Click Next and Browse
8. Specify a file name and save the certificate on Desktop
9. Click Save, Next and Finish
Step 6: Install a PKCS #7 certificate file into Novell Console One
1. Go into ConsoleOne, and to the certificate that created the CSR
2. In the Public Key Certificate Tab, select Import
3. Choose No Trusted Root Certificate available
4. Click Next, and then Import the Server Certificate previously created
Note: A warning may appear "The subject name requested when the key pair was generated does not match the subject name in the certificate being stored..." Select OK to bypass this message and import the certificate.
5. Once the certificate is validated, you can use it
Note: If the Validate button is clicked, there may be a warning message regarding the reading of the Certificate Revocation list. This appears to be a problem with ConsoleOne's validator and does not affect the installation of the certificate.
To check if you installed correctly the certificate, go to the Installation Health Checker