Receiving "Error: Keyring does not have a certificate authority's certificate: 'keyring-name'" after SGOS Upgrade

Solution

Overview

This error occurs when the custom SSL certificate used for SSL interception does not have a valid CA attribute. The certificate worked in previous versions, where certificate validation was less strict. The newer SGOS 6.5 release tightens certificate validation (as all browsers do). The solution is to get a certificate signed by the local CA with Sub CA power selected. Follow these steps to verify and resolve the issue:

  1. Download the SSL certificate to a local PC (https://x.x.x.x:8082/SSL/Download_ca)
  2. Double-click the certificate to open it and go to the Details tab
  3. Scroll down to the Basic Constraints field
  4. If the certificate is signed correctly, it must have a valid CA attribute (Subject Type=CA). If you see "Subject Type=End Entity," the certificate is not a valid CA and must be re-signed with Sub CA power selected, using your internal CA server
  5. See "Setting up HTTPS / SSL Forward Proxy with an Intermediate internal Certificate Authority" (000013382)
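
The Basic Constraints check from steps 2 to 4 can also be scripted. The following Python sketch is an added example, not part of the original article or of SGOS: it walks the DER structure of a certificate and reports the same Subject Type value the Details tab shows. The function names are illustrative, and the two sample inputs are constructed fragments containing only the extensions block of a certificate.

```python
import base64

BASIC_CONSTRAINTS_OID = bytes.fromhex("551d13")  # OID 2.5.29.19

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def load_cert(data):
    """Accept PEM or DER bytes and return DER bytes."""
    if b"-----BEGIN" in data:
        lines = [l for l in data.splitlines() if not l.startswith(b"-----")]
        return base64.b64decode(b"".join(lines))
    return data

def subject_type(der):
    """Return 'CA', 'End Entity', or None if Basic Constraints is absent."""
    for tag, val in children(der):
        if not tag & 0x20:  # primitive element, nothing to descend into
            continue
        kids = children(val)
        if tag == 0x30 and kids and kids[0] == (0x06, BASIC_CONSTRAINTS_OID):
            # extnValue (last child) is an OCTET STRING wrapping a SEQUENCE
            fields = children(read_tlv(kids[-1][1], 0)[1])
            is_ca = bool(fields) and fields[0][0] == 0x01 and fields[0][1] != b"\x00"
            return "CA" if is_ca else "End Entity"
        found = subject_type(val)
        if found:
            return found
    return None

# Constructed sample input: only the [3] extensions block of a certificate.
CA_SAMPLE = bytes.fromhex("a3133011300f0603551d130101ff040530030101ff")
EE_SAMPLE = bytes.fromhex("a30d300b30090603551d1304023000")

if __name__ == "__main__":
    print(subject_type(CA_SAMPLE), "/", subject_type(EE_SAMPLE))
```

To check the certificate downloaded in step 1, read the file as bytes and call `subject_type(load_cert(data))`; a result other than `CA` means the certificate must be re-signed as described in step 4.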

 

InQuira Doc Id: FAQ3259