Hi,
When I try to upload the Root/Intermediate to the CMS I got "unable to get issuer certificate" . I receive my webadmin.csr signed from Customer Internal CA (as webadmin.cer wich i rename to webadmin.crt) and more two root CA files ,
CA01.cer (root ca) and CA02.cer ( intermediate CA) . I followed documentation instrutions and i copy and paste first the intermediate CA to a file and than root CA and leave one line at the
end and copy the file as caroot.crt.
Can someone help me on this , what im doing wrong?
cms01> webadmin certs webadmin.key webadmin.crt caroot.crt
cms01> webadmin enable
SUCCESS: TLS interface and port configured
SUCCESS: Key and certificate pair match
FAILURE: certificate verification error: depth=1
issuer= DC = corp, DC = xxxxxxx, DC = oil, CN = CA01
Verification error: unable to get issuer certificate
Failed cert:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5f:00:00:00:5e:9c:d3:7a:a6:05:ff:d0:9d:00:01:00:00:00:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: DC=corp, DC=xxxxxxx, DC=oil, CN=CA01
Validity
Not Before: Jun 12 16:56:20 2018 GMT
Not After : Jun 12 17:06:20 2020 GMT
Subject: DC=corp, DC=xxxxxxx, DC=oil, CN=CA02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ad:c3:16:a5:5c:7d:01:cd:0c:55:fe:42:8f:b3:
09:02:a8:18:e2:94:26:17:3c:f0:42:1d:60:ed:7d:
20:d3:f6:d4:31:ad:97:77:21:95:de:e0:57:33:5c:
d9:f3:ff:4c:c4:cb:d5:6f:8e:a0:d6:90:50:4d:2d:
17:57:30:43:2e:00:69:e9:bf:9d:
cms01>
1.2.4 Certificate bundles
A certificate bundle is a single file (with an extension of .pem, .cer or.crt) holding a copy of the
Root CA’s certificate and all intermediate certificates in the chain. The certificates need to be in
sequence with the certificate of the Root CA being last in the certificate bundle. External clients
(for example web browsers and XMPP clients) require the certificate and certificate bundle to
be presented by the Web Bridge and XMPP server respectively, when setting up a secure
connection. If Call Bridge establishes a TLS trunk to a SIP peer, then Call Bridge will need to
presents its certificate and certificate bundle to the SIP endpoint.
You can create a certificate bundle by using a plain text editor such as notepad. All of the
characters including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
tags need to be inserted into the document. There should be no space between the certificates,
for example no spaces or extra lines between -----END CERTIFICATE----- of certificate 1
and -----BEGIN CERTIFICATE----- of certificate 2. At the end of the file there should be 1
extra line. Save the file with an extension of .pem, .cer, or .crt.