08-24-2013 07:19 AM
Upon installing our valid Thawte SSL for securelogin.mycompanay.net I came across twice an error.
1. Certificate CA "CN=Thawte SSL CA, O="Thawte, Inc.", C=US" must be added and enabled in Certificate Trust List
This error was solved very quick by activating it in the Certificate Trust List.
2.Certificate CA "EMAILADDRESSfirstname.lastname@example.org, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA" must be added and enabled in Certificate Trust List
This error caused my a bit of a headache. There is a Thawte Premium Certificate installed though but any time I attempted to import the SSL certificate ClearPass prompted above error. It turned out that the pre-installed Thawte Premium Root Certificate is faulty.
At the end I removed all pre installed Thawte Root Certificates and reinstalled them by downloading them from Thawte.com
Perhaps the post is of help for those who may encounters the same problem.
08-24-2013 07:26 AM
intermediate certs have very similar names.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
08-24-2013 07:38 AM
I am aware of the Thawte issues. Beeing a Thawte partner for a few years ....
Here it was not a naming issue. Somehow a slash found its way into the pre installed certificate.
EMAILADDRESSemail@example.com, CN=Thawte Premium Server CA/OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA