Problem
During the installation of your certificate you can receive this message:
"The server certificate cannot be installed in your server key ring because the signature is from a CA that is not listed as a Trusted Root"
Cause
This error occurs when one of the two following conditions appears:
-
The root and/or intermediate certificate is missing from the key ring file
-
The root and/or intermediate certificate is not trusted in the key ring file
Resolution
To solve this problem, ensure the correct root and intermediate certificate exist in the key ring file. To view the root certificates in the key ring file, perform the following steps:
1. From the Domino Administrator go onto Files tab, then Server certificate admin application
2. Select '3. Install Trusted Root Certificate into Key Ring'
3. Make sure the root and intermediate certificate exist within the list.
For example (VeriSign Certificates):
- Root certificate: Class 3 Public Primary Certification Authority (expires 8/1/2028)
- Secure Site Pro / Premium (global) intermediate certificate: www.verisign.com/CPS. (expires 24/10/2016)
- Secure Site / Standard intermediate certificate: "VeriSign Class 3 Secure Server CA” (expires 18/1/2015)
If these certificates exist, ensure the 'TrustedRoot' field near each certificate states YES. If not, open the certificate information, select ’Trust this certificate' and enter the password for the key ring file.
1. From the Domino Administrator click Files tab and Server certificate admin application
2. Choose '3. Install Trusted Root Certificate into Key Ring'
3. Select 'File' in the 'Certificate Source' field, then you have to enter the file name of the root / intermediate certificate.
4. Click 'Merge Certificate into Key Ring'.
5. Finally, Enter the password for the key ring file and click 'OK'
Repeat steps 3 to 5 for the root and intermediate to install them. Once installed, retry installing your certificate.