Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

SBG 7.7 certificate error

Updated: 21 May 2010 | 6 comments
doni's picture
doni
0 0 Votes
Login to vote
This issue has been solved. See solution.

We finally moved SBG 7.7.0-17 into prod this weekend, discontinuing our old SMS SMTP 5.0.1. I revoked the Verisign SSL cert from SMS and reissued it with a CSR from SBG. It imported fine and shows up under Certificates settings correctly. However, when I try to select it under Control Center settings, I receive the error: "Cannot build a trusted certificate chain for the certificate. Please make sure that you have added all the necessary CA certificates."

 

?

discussion Filed Under:
,

Comments

doni's picture
10
Nov
2008
0 Votes 0
Login to vote
doni

Thanks to Symantec support for the quick resolution:

 

Apparently SBG doesn't ship with the latest Intermediate CA cert from Verisign. To get a Verisign cert working properly, an updated Intermediate CA cert needs to be imported into Administration --> Certificates --> Certificate Authorit. These certs are publically available for download from Verisign; in my case, I chose the one for a Non-EV Secure Site Certificate.

 

Hope that helps someone else

SOLUTION
Guclu's picture
18
Nov
2008
0 Votes 0
Login to vote
Guclu

Is it free ? I looked at Verisign but there is no free certificate.

doni's picture
18
Nov
2008
0 Votes 0
Login to vote
doni

i'm referring specifically to an Intermediate Certificate, which is now required in addition to a regular SSL certificate. The Intermediate CA is free, the regular cert is not.

 

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657

Guclu's picture
19
Nov
2008
0 Votes 0
Login to vote
Guclu

doni thanks for information but i need more help.

I got the certificate and go to Administration / Certificates /Certificate Authority i can make update but at Control Center / Certificate User interface HTTPS certificate:there is only demo certificate.

I also tried to make an import at TSL&HTTPS Certificates page but it gives an error "No stored certificate request matches this certificate"

Sorry i don't understand anything about certifiacetes ,what will i do

doni's picture
19
Nov
2008
0 Votes 0
Login to vote
doni

Assuming you're looking to use a Verisign SSL certificate, let's start from the beginning. The first thing you need to do it create a new CSR (certificate signing request) in SBG. You then need to buy a certificate from Verisign and provide them this CSR in the process. They will then email you the actual cert (which they formulate based on the CSR) and you will import it into SBG. At that point it will appear in Control Center as an available cert. You will ALSO have to get the Intermediate CA I mentioned above and import that in SBG.

 

1. Under Administration --> Certificates --> TLS & HTTPS Certs, click Add.

2. Change the certificate type to Certification Authority Signed

3. fill out the rest, click Request, copy the code of the request as indicated.

4. Go to verisign.com, buy an SSL cert and paste the CSR code when asked

5. After Verisign emails you the cert within 2 biz days, go back to TLS & HTTPS Certs in SBG and import it

6. Go to verisign.com and download the correct Intermediate CA from the link I provided

7. In SBG, go to Admin --> Certs --> Certificate Authority, click Update to upload the Intermediate CA

8. In Control Center, select your new cert

 

Please let us know if that clarifies things. Thanks

Guclu's picture
19
Nov
2008
0 Votes 0
Login to vote
Guclu

thanks for your big support i understand it now.I have to buy a certificate.

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
259,034