HPE Community
Server Management (Insight Manager 7)
1824169 Members
3195 Online
109669 Solutions
New Discussion юеВ

Unable to extract the certificate from the imported PKCS #7 file

 
SOLVED
Go to solution
Dale Shaw
Occasional Contributor

тАО10-26-2003 05:49 PM

тАО10-26-2003 05:49 PM

Unable to extract the certificate from the imported PKCS #7 file

Hi,

I'm getting the above message in my CPQHMMD.LOG file when I try to import a certificate in the web agent. I get the following error in the web browser when attempting the import:

PKCS #7 Certificate Import Error

The Certificate could not be imported from the supplied PKCS #7 data.

Check the following:
- Make sure that the input text was base64 encoded PKCS #7 data (not an actual certificate).
- Make sure that the input PKCS #7 data was intended for this server (not another server).

I'm using Win2K Certificate Services and all I did was generate the request (PKCS #10), submit it to the CA, issue the cert then download the Base64-encoded certificate and tried to paste its contents into the "PKCS #7 Data" field. I'm pretty sure that's where I'm going wrong as that's the actual certificate data I'm pasting in.

The question is, how do I get my grubby mits on the PKCS #7 data the web agent wants?
0 Kudos
2 REPLIES 2
JoopNL
Advisor

тАО10-27-2003 09:42 PM

тАО10-27-2003 09:42 PM

Solution

Re: Unable to extract the certificate from the imported PKCS #7 file

I was having the same problem, after quite a while of searching if found the solution in the Help of the Agent :-)

Quote:

-----------------------------------
Problem: Why can't import X.509 certificates directly into Management HTTP Server?

Solution: Management HTTP Server generates Certificate Request in base64 encoded PKCS#10 format. This Certificate request should be supplied to the Certificate authority. Most Certificate authorities will return a Base 64 encoded PKCS#7 Certificate data that you can import directly into Management HTTP Server through the options page.

If the Certificate authority returns the certificate data in x.509 format, then you can rename the X.509 certificate file as cert.pem and place it into c:\compaq\wbem directory. When Management HTTP Server is restarted, this certificate will be used.
-----------------------------------

The procedure you need to follow:
In the Win2K CertMgr, open the created cert, on the second TAB copy the cert to a file (select the "base64 encode X.509" format), copy the file to C:\compaq\wbem on the server en rename it to cert.pem. I had to reboot the server for it to take effect, restaring the services did not work somehow.

Good Luck.
Dale Shaw
Occasional Contributor

тАО10-27-2003 10:01 PM

тАО10-27-2003 10:01 PM

Re: Unable to extract the certificate from the imported PKCS #7 file

Thanks, that worked. I renamed the certificate to cert.pem and copied it to c:\compaq\wbem. Like you, simply restarting the 'HP Insight Web Agent' service didn't appear to cause it to re-read the certificate, so I also restarted the 'Version Control Agent' service first and that did the trick (no reboot req'd).

So I guess Win2K Certificate Services does not provide a 'PKCS #7 Certificate Reply' message - just actual certificate data.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.