Search

Language:  
Search for:

Available article translations:

Unable to Get Local Issuer Certificate.

APPLIES TO:
  • Parallels Remote Application Server

Symptoms

When a certificate is issued through an intermediate CA, the following error may sometimes be returned:

alttext

Resolution

This behaviour can be encountered when a connection is established against a 2X ClientSecureGateway.

A way around this is to include the certificate information for the Intermediate CA with the domain certificate so that both are verified. This can be done as follows:

  1. Have a copy of the Domain Certificate in base-64 encoded X.509 (.CER) format.

Opening the certificate in Notepad will show the certificate which starts and ends with the following tags:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

The certificate can be opened and viewed in Windows. By default, Windows opens the file using the Crypto Shell Extensions.

  1. Open the commercial certificate in Windows and switch to the Certification Path tab.

  2. Select the Intermediate CA and select View Certificate.

    alttext

  3. The intermediate CA will be available and can be exported in base-64 encoded X.509 (.CER) format from the Details tab > Copy To File.

    alttext

    Opening the exported .cer file for the Intermediate CA in notepad will also show the following tags for the Intermediate CA certificate:

     -----BEGIN CERTIFICATE-----
     -----END CERTIFICATE-----
    
  4. As a fix, one would need to put the Intermediate CA information in the domain certificate issued in notepad.

In notepad the certificate would have the following structure:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

The top tag would pertain to the domain certificate, where as the bottom one would contain the Intermediate CA one.

Importing this new modified certificate alongside your private key in your 2X ClientSecureGateway will address this behaviour.

NOTE: The Root CA does not require this operation as all supported Root CAs are listed in the trusted.pem files available on Client Installations as well as within the Remote Application Server installation directory.

Search words:

certificate

Unable to Get Local Issuer Certificate

invalid private key

RAS




1d70d1f9c41d01c5f7202a4290e434e1

FEEDBACK
Was this article helpful?
Tell us how we may improve it.
Yes No