Ugh - same issue here.
Incommon certs have been signed as follows
Incommon intemediate cert
UserTrust intermediate cert
AddTrust root cert
The AddTrust root expired today. There's a new UserTrust that it is now the root. I've imported this and enabled it. But the existing cert is still using the old chain.
So trying to re upload the cert and/or chain using the existing private key. But I am also getting the "certificate file is not valid. Either the certificate signature is tampered or file is corrupted" Both PEM, and PKCS#7 (PEM encoded) result in this error.
I tried PKCS#7 (p7b) and I get "Private Key File is not available in the system.
Since there's no way to export the existing key , It seems the only way is to generate a new csr and get new one? Or can TAC import them via command line?
BTW, in my case, I"m using 6.7.12. Current certs were installed when the system was under 6.6.
Adding that I created a new CSR, but there's no way to download the private key. Only option is to download the CSR.