How can I Troubleshoot a Digital Certificate?

Troubleshooting digital certificates.

Certificate Chaining Procedures
A chained cert is one file that contains all of the certs either in forward or reversed order. That is your server cert, the intermediate cert(s), and the root cert. Depending on what format you need, using a text editor, you'll want to combine the certificate files.

Basic certificate

X509 Certificate only, Base64 encoded:
  • Server

Intermediate certificate (choose one)

X509 Intermediates/root only, Base64 encoded:
  • AddTrust External CA Root
  • USERTrust RSA Certification Authority
  • InCommon RSA Server CA
X509 Intermediates/root only Reverse, Base64 encoded:
  • InCommon RSA Server CA
  • USERTrust RSA Certification Authority
  • AddTrust External CA Root

Verify the certificate

You can check the certs using the OpenSSL:
openssl x509 -in "filename.cer" -text -noout

Or using an online certificate decoder:
https://sectigostore.com/ssl-tools/cert-decoder.php

Notes

Please note that each individual certificate must begin with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----"

You'll see that the Intermediate/root certs have two certs each wrapped in its own BEGIN and END statement.

CER files are actually in PEM format -- no conversion needed.

If you need to covert the PEM to a PKCS with the key use this OpenSSL command.

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

In order to use the command above, you'll need the key file that Chad used to create the CSR on July 11th. If that key file is no longer accessible then you'll have to create a new CSR with a new key and send us the CSR so that we can generate a new cert. Your key is private and we do not need it to create your cert.




Keywords:ssl tls digital certificate x509 pkcs cer pem troubleshooting, SSL/TLS Certificates   Doc ID:93740
Owner:Jason R.Group:University of Illinois at Chicago ACCC
Created:2019-08-09 14:37 CSTUpdated:2019-08-20 16:10 CST
Sites:University of Illinois at Chicago ACCC
CleanURL:https://answers.uillinois.edu/digital-certificate-troubleshooting
Feedback:  0   0