https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712849#M42471 Thanks, but I could find nothing in that document that specifically describes how to perform this task with a Windows 2008 CA.<BR /><BR />Here is the problem I run into:<BR /><BR />1) Verify the root CA cert is on the SIM server in the "Computer Account" folder called "Trusted Root Authority Certificates/Certificates" - it is indeed there, as it is on every server we build<BR /><BR />2)Create a new certifcate with my company settings and this replaces the existing one installed by HP SIM<BR /><BR />3) From the "Import Certificate" page, I "Create a Certificate Signing Request" and it creats a "certreq.p10" file<BR /><BR />4) I go to the https://mycaservername//certsrv/certrqxt.asp page and paste in the text from the "certreq.p10" file and select the template we have created for this - this is the same template I use for iLOs (which work fine for us). I download the file a "Base 64 encoded" CRT file.<BR /><BR />5) From the "Import Certificate" page I "Import signed certificate reply from CA" and point it to the "CRT" file created in step 4 above.<BR /><BR />6) When I click the "Import" button as part of step 5 above I get this error:<BR /><BR />"Error importing signed certificate: failed to establish chain of trust from reply; first import CA certificate into Trusted System Certificates list." - as I mentioned in step one, I have already done this.<BR /><BR />So somewhere, must likely in my CA template I am using - the same template I successfully use for iLO 2 and iLO 3 devices, I am doing something wrong.<BR /><BR />So, does anyone have a documented process (i.e. what do I do on the CA server) to make this work for a Windows 2008 CA.<BR /><BR />Thanks<BR />Nelson Mon, 15 Nov 2010 23:44:48 GMT NJK-Work 2010-11-15T23:44:48Z https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712846#M42468 Does anyone have a documented process for signing the certificate used by SIM with an internal Windows 2008 CA that they would like to share?<BR /><BR />Thanks<BR />Nelson Fri, 12 Nov 2010 18:36:53 GMT https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712846#M42468 NJK-Work 2010-11-12T18:36:53Z https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712847#M42469 I forgot to mention, this would be for SIM 6.2.<BR /><BR />NElson Fri, 12 Nov 2010 18:40:24 GMT https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712847#M42469 NJK-Work 2010-11-12T18:40:24Z https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712848#M42470 Hi Nelson,<BR /><BR />Please find the User Guide @ <A href="http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/hpsim_userguide_51.pdf" target="_blank">http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/hpsim_userguide_51.pdf</A><BR /> that has the documentation on how to perform the steps.<BR /><BR />Go to page no. 152 and you can get the details on Certificate related setings.<BR /><BR />Please get back in case of any issue or confusion.<BR /><BR /><BR />Thanks,<BR />Arunav Mon, 15 Nov 2010 05:04:23 GMT https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712848#M42470 Arunav Nayak 2010-11-15T05:04:23Z https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712849#M42471 Thanks, but I could find nothing in that document that specifically describes how to perform this task with a Windows 2008 CA.<BR /><BR />Here is the problem I run into:<BR /><BR />1) Verify the root CA cert is on the SIM server in the "Computer Account" folder called "Trusted Root Authority Certificates/Certificates" - it is indeed there, as it is on every server we build<BR /><BR />2)Create a new certifcate with my company settings and this replaces the existing one installed by HP SIM<BR /><BR />3) From the "Import Certificate" page, I "Create a Certificate Signing Request" and it creats a "certreq.p10" file<BR /><BR />4) I go to the https://mycaservername//certsrv/certrqxt.asp page and paste in the text from the "certreq.p10" file and select the template we have created for this - this is the same template I use for iLOs (which work fine for us). I download the file a "Base 64 encoded" CRT file.<BR /><BR />5) From the "Import Certificate" page I "Import signed certificate reply from CA" and point it to the "CRT" file created in step 4 above.<BR /><BR />6) When I click the "Import" button as part of step 5 above I get this error:<BR /><BR />"Error importing signed certificate: failed to establish chain of trust from reply; first import CA certificate into Trusted System Certificates list." - as I mentioned in step one, I have already done this.<BR /><BR />So somewhere, must likely in my CA template I am using - the same template I successfully use for iLO 2 and iLO 3 devices, I am doing something wrong.<BR /><BR />So, does anyone have a documented process (i.e. what do I do on the CA server) to make this work for a Windows 2008 CA.<BR /><BR />Thanks<BR />Nelson Mon, 15 Nov 2010 23:44:48 GMT https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712849#M42471 NJK-Work 2010-11-15T23:44:48Z https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712850#M42472 Hi, Did you ever figure this out, I've got exactly the same issue.<BR /><BR />Cheers!<BR />Robb. Thu, 16 Jun 2011 08:49:50 GMT https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712850#M42472 Robb Howell 2011-06-16T08:49:50Z https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712851#M42473 No, I gave up.<BR /><BR />Nelson Thu, 16 Jun 2011 12:50:06 GMT https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4712851#M42473 NJK-Work 2011-06-16T12:50:06Z https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4806067#M43959 <P>I have managed to get this working with a W2K8 AD CA.</P><P>&nbsp;</P><P>Before importing the SIM signed certificate, the SIM server needs to be able to establish a chain back to the Root CA. You do this by:</P><P>&nbsp;</P><P>1.&nbsp;Go Options / Security / Credentials / Trusted Systems.</P><P>2. Select the tab "Trusted Certificates"</P><P>3. Import the cert (or certs) of your CA.</P><P>4. Now go back to the HP SIM Server Certificate section and import the&nbsp;signed certificate.</P><P>&nbsp;</P><P>Hope this helps...&nbsp;</P><P>&nbsp;</P><P>Dennis.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 29 Jun 2011 03:55:06 GMT https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/4806067#M43959 dgerol 2011-06-29T03:55:06Z https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/6281929#M57717 I know this is an old post but we had this issue due to downloading just the certificate from our cert server rather than the certificate chain.<BR /><BR />Once we downloaded and imported the certificate chain it worked fine. Tue, 26 Nov 2013 10:08:54 GMT https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/6281929#M57717 zeroagemain 2013-11-26T10:08:54Z https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/6381355#M58259 <P>Hello I'm using HP SIM 7.3 with the exact same issue. I have imported the whole chain&nbsp;into the 'Trusted Certificates' tab. I can see all my certs CA listed in the page.</P><P>&nbsp;</P><P>From the HP Sim Server certificate section, I'm doing&nbsp;import of the signed certificate and get this error :</P><P>&nbsp;</P><P>Error importing signed certificate: failed to establish chain of trust from reply; first import CA certificate into Trusted System Certificates list.</P><P>&nbsp;</P><P>Any help is appreciate.</P><P>&nbsp;</P><P>Stephane</P> Tue, 18 Feb 2014 18:46:31 GMT https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/6381355#M58259 StephaneD 2014-02-18T18:46:31Z https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/6479748#M58629 <P>HI HP...feedback from the above post pls?</P> Mon, 19 May 2014 09:32:26 GMT https://community.hpe.com/t5/server-management-systems/sign-sim-certificate-with-internal-ca/m-p/6479748#M58629 EricBu 2014-05-19T09:32:26Z