certutil issues
807574Aug 14 2010 — edited Feb 10 2020I am attempting to renew an ssl certitifacte on one of my servers, and was successfully able to renew 3 of the 4 servers that I have to renew certificates on, but I have run into a snag on the last one.
These servers are all running messaging version:
Sun Java(tm) System Messaging Server 6.2-4.03 (built Sep 22 2005)
libimta.so 6.2-4.03 (built 04:37:42, Sep 22 2005)
SunOS mailstore-7 5.10 Generic_137137-09 sun4u sparc SUNW,Netra-240
The command that I ran was
/opt/SUNWmsgsr/sbin/certutil -A -a -d /opt/SUNWmsgsr/config -t "u,u,u" -i /tmp/mailstore-7.cert -n server-cert
The command I ran to verify that the certificate is valid is:
/opt/SUNWmsgsr/sbin/certutil -V -u V -d /opt/SUNWmsgsr/config -n server-cert
This brought back the following message:
certutil: certificate is invalid: Peer's Certificate issuer is not recognized.
I did all the usual troubleshooting, verified that the certificate I was trying to install is in fact the same one that I got from Thawte, and it was. The certutil itself doesn't appear to be logging anywhere so there's nothing in the logs that might give me more information to help further troubleshoot the issue.
The ONLY difference in this server and the servers that I successfully installed the new certificates on is that It is running Solaris 10, where the other ones were Solaris 8. I do not think that would have anything to do with the installation of the certificate.
I have found other posts similar to this in the forum, but they were relating to other operating systems.
I don't have a lot of time before the current certificate expires, I'm hoping that this is easily resolved. Upgrades are not an option at this point.
Thank you in advance for any assistance you can give me in this matter.
Penny