Error message "No stored certificate request matches this certificate" displayed when importing CA signed certificate
Article: TECH139516 | Created: 2010-09-10 | Updated: 2012-04-25 | Article URL: http://www.symantec.com/docs/TECH139516
Problem
When importing a CA-signed certificate, the following error message is displayed: "No stored certificate request matches this certificate". The issue needs to be troubleshot.
Solution
If you get the error message "No stored certificate request matches this certificate" when importing a CA-signed certificate, troubleshoot it as follows.
The best way to troubleshoot it is to use the built-in tool openssl, which is available on the Brightmail Gateway appliance as well as on any Linux operating system. The steps below use a Brightmail Gateway host as an example:
Please note: any example file contents shown in this article are unusable; do not practice with them, use your own CSR and certificate instead.
1. Make sure you have the actual Certificate Signing Request (CSR) file from the appliance. Note that you can only see it when creating the CSR, so make sure you save it to a safe location. The file is PEM text enclosed between the lines -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----.
2. Make sure you have the certificate file generated by the Certificate Authority (CA) from the CSR in step 1. The file is PEM text enclosed between the lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
3. Log in via SSH as 'admin' and activate the support account on the Brightmail Gateway appliance using the command 'set-support'.
4. Copy the CSR and certificate files to the directory /home/support on the appliance using an SCP/SFTP client such as WinSCP.
5. Use the following command to display the contents of the CSR: openssl req -text -noout -verify -in cert.csr, where cert.csr is your CSR file.
6. Use the following command to display the contents of the certificate: openssl x509 -in cert.pem -text -noout, where cert.pem is your certificate file.
7. Start by comparing the sections called "Modulus" and "Exponent" in both the CSR and the certificate. They should be identical; if they are not, the certificate has most probably been created from a different CSR.
8. Look at the "Subject" section in both the CSR and the certificate to see if there are any differences in the information used to create them.
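The comparison in steps 5 to 8 can also be scripted. The following is an added example, not part of the original article: it compares the public key (which holds the Modulus and Exponent) and the Subject of a CSR and a certificate. The function names, file names and example.com subject are assumptions, and the sample CSRs and self-signed certificates are generated on the spot for illustration.

```sh
#!/bin/sh
# Added example (not from the article): scripted version of steps 5-8.
# File names and the example.com subject are constructed for illustration.

# Print the SHA-256 of the public key (modulus and exponent) in a file.
# $1 = "req" for a CSR or "x509" for a certificate, $2 = path to the file.
pubkey_hash() {
    key=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key" ] || return 1   # unreadable input must never count as a match
    printf '%s\n' "$key" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print the Subject in a fixed format so CSR and certificate compare equal.
subject_of() {
    openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Return 0 only if the certificate carries the same public key as the CSR.
cert_matches_csr() {
    csr_hash=$(pubkey_hash req "$1") || return 2
    crt_hash=$(pubkey_hash x509 "$2") || return 2
    [ "$csr_hash" = "$crt_hash" ]
}

# Build constructed test material: two unrelated key/CSR/certificate sets.
make_samples() {
    for n in a b; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$n.key" \
            -out "$1/$n.csr" -subj "/CN=mail01.example.com/O=Example $n" 2>/dev/null
        openssl x509 -req -in "$1/$n.csr" -signkey "$1/$n.key" -days 1 \
            -out "$1/$n.pem" 2>/dev/null
    done
}

work=$(mktemp -d)
make_samples "$work"
for cert in a.pem b.pem; do
    if cert_matches_csr "$work/a.csr" "$work/$cert"; then
        echo "$cert: public key matches a.csr"
    else
        echo "$cert: public key differs from a.csr, issued from a different CSR"
    fi
    echo "  CSR subject:  $(subject_of req "$work/a.csr")"
    echo "  cert subject: $(subject_of x509 "$work/$cert")"
done
rm -rf "$work"
```

With your own files, call cert_matches_csr cert.csr cert.pem from /home/support; a non-zero result corresponds to the mismatch described in step 7.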