@Darshil The error is saying the certificate is not correct. There are common fields in a certificate that identify things like the purpose of the certificate.
The Key Usage field: This field lists the valid cryptographic uses of the certificate's public key. Basically what can the certificate's public key be used to do. Examples are digital signature validation, key encipherment, or certificate signing
The Extended Key Usage field: This field lists the applications the certificate may be used for. Examples of the values in this field are: TLS server authentication, email protection, and code signing.
The Subject Alternative Names for a certificate allows the association of various values with a security certificate. In the SMA this is used to add domain names to the certificate. But it can include things like email addresses.
The most likely cause of this error is when the certificate was retrieved from the CA web site the wrong purpose certificate type was retrieved. What the SMA requires is an Apache Server certificate. If you pull a certificate set up for a different purpose you will get this error.
To fix this, go back to the CA web site and pull your certificate again and ensure you pull the Apache Server version.
Answers
Hi @Darshil
is this certificate issued by a public CA? To do further investigation you can examine the cert/key with openssl or my preferred tool of choise XCA.
--Michael@BWC
@Darshil - We'll have this post moved to SECURE REMOTE ACCESS category for precise answers.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
@Darshil The error is saying the certificate is not correct. There are common fields in a certificate that identify things like the purpose of the certificate.
The Key Usage field: This field lists the valid cryptographic uses of the certificate's public key. Basically what can the certificate's public key be used to do. Examples are digital signature validation, key encipherment, or certificate signing
The Extended Key Usage field: This field lists the applications the certificate may be used for. Examples of the values in this field are: TLS server authentication, email protection, and code signing.
The Subject Alternative Names for a certificate allows the association of various values with a security certificate. In the SMA this is used to add domain names to the certificate. But it can include things like email addresses.
The most likely cause of this error is when the certificate was retrieved from the CA web site the wrong purpose certificate type was retrieved. What the SMA requires is an Apache Server certificate. If you pull a certificate set up for a different purpose you will get this error.
To fix this, go back to the CA web site and pull your certificate again and ensure you pull the Apache Server version.