Problem when Importing a Signed Certificate


When importing an off-line signed certificate using dds_cert update -newcert agent_cert.pem, the command fails with the following error message:

50081 The machine being connected to/from has a certificate that is not in the list of trusted certificates


You are having this problem because the certificate you are trying to import was not signed by the certificate authority whose certificate was in the sigsetup.inf file when the Agent was installed.

Alternatively, if the Agent's security database was rebuilt using the dds_cert buildssf command, the certificate was not signed by the certificate authority whose certificate is in the specified ddspkg.inf file.

The easiest solution is to do the following:
  1. Uninstall the Agent.
  2. Download a new version of the sigsetup.inf file from the Signiant Manager.
  3. Run the installation again. You must revoke the certification on the Signiant Manager before signing the new request.
If this is not possible, or is inconvenient (e.g., the certificate was signed by a third party authority and could take many days before a new cert can be delivered), do the following:
  1. Identify the CA that signed the certificate that you are trying to import.
  2. Obtain the CA's certificate or certificate chain as required.
  3. On the Agent, backup the ddspkg.inf file. This file is located in the security directory.
  4. Copy the CA certificate or certificate chain and paste it into the ddspkg.inf file, before the -----BEGIN CERTIFICATE----- line. Make sure you copy and paste the BEGIN CERTIFICATE and END CERTIFICATE lines.
  5. Run the following command:
    dds_cert update -newcert agent_cert.pem
    where agent_cert.pem is the filename of the signed certificate.
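
The manual steps above can be scripted so that the CA chain is checked against the signed certificate before ddspkg.inf is touched. This is an added example, not Signiant code: the function names and the ".bak" backup suffix are assumptions, all file names are passed as arguments, and it relies on the standard openssl command-line tool.

```shell
#!/bin/sh
# Added example, not Signiant code. All file names are arguments; the ".bak"
# backup suffix is an assumption of this sketch.

# Steps 1-2: print the issuer of the signed certificate, then confirm that the
# CA certificate or chain you obtained actually verifies it.
check_signed_by() {  # usage: check_signed_by agent_cert.pem ca_chain.pem
    openssl x509 -in "$1" -noout -issuer || return 1
    openssl verify -CAfile "$2" "$1"
}

# True only if the file has at least one certificate and every BEGIN
# CERTIFICATE line is closed by an END CERTIFICATE line (catches partial pastes).
pem_blocks_ok() {
    awk '/^-----BEGIN CERTIFICATE-----/ { if (inblk) bad = 1; inblk = 1; n++ }
         /^-----END CERTIFICATE-----/   { if (!inblk) bad = 1; inblk = 0 }
         END { exit !(n > 0 && !inblk && !bad) }' "$1"
}

# Steps 3-4: back up ddspkg.inf, then insert the CA chain before the first
# BEGIN CERTIFICATE line in it. Writing in place keeps the file's permissions.
prepend_ca() {  # usage: prepend_ca ca_chain.pem ddspkg.inf
    ca=$1 inf=$2
    pem_blocks_ok "$ca" || { echo "incomplete PEM block in $ca" >&2; return 1; }
    grep -q '^-----BEGIN CERTIFICATE-----' "$inf" ||
        { echo "no certificate found in $inf" >&2; return 1; }
    [ ! -e "$inf.bak" ] || { echo "$inf.bak exists, not overwriting" >&2; return 1; }
    cp -p "$inf" "$inf.bak" || return 1
    awk -v ca="$ca" '
        !inserted && /^-----BEGIN CERTIFICATE-----/ {
            while ((getline line < ca) > 0) print line
            inserted = 1
        }
        { print }' "$inf.bak" > "$inf" || { cp -p "$inf.bak" "$inf"; return 1; }
}

# Step 5 (dds_cert update -newcert agent_cert.pem) is then run by hand.
if [ "$#" -eq 3 ]; then  # agent_cert.pem ca_chain.pem ddspkg.inf
    check_signed_by "$1" "$2" && prepend_ca "$2" "$3"
fi
```

If check_signed_by fails, the chain you obtained does not verify the signed certificate, so ddspkg.inf is left unchanged.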