Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-07-05 16:15:02.0

Why do I receive an error message when I try to create an SSL certificate?

Article Number: 46226

When you try to generate a certificate through Entrust Cloud you may receive:

"An error has occurred with the creation of this certificate. Please refer to our troubleshooting steps by clicking here. If you still are experiencing problems, Entrust Datacard has been notified and will contact you during regular business hours to assist"

This error occurs when Entrust Datacard cannot generate a certificate based on the Certificate Signing Request (CSR) you have submitted.  The CSR may contain one or more of the following issues.

A. The CSR that was submitted may have included special characters in the challenge or revocation passphrase. Please use a passphrase which is alpha-numeric only.

B. If you are using a Webmethods server, please do not enter a revocation passphrase. 

C. If you are using the BEA Weblogic certificate.war application on a Solaris system. The file produced is not Base64 encoded (pem) that meets Entrust standards.  You may try a different service pack or version of Weblogic, the private key generated can be moved to the actual server that is going to use it. Another option is to use java keytool to generate a JKS self-signed keystore and CSR from this keystore, which Entrust can then sign.

D. If you are using IKEMAN on a Unix system, please do not use any shift characters or special characters when creating the CSR. This includes &+#!@/-=,.

When creating a CSR, please following these general guidelines:

1. Do not use special characters or shift characters in the challenge or revocation passphrase. These characters are unsupported.  This includes the following:

2. Do not use special characters or shift characters in the Organization Unit level. These characters are unsupported. This includes the following:

2. Bit key length size should be 2048, depending on application security requirements. Higher bit lengths are not supported.

3. The CSR should be in plain text ASCII Base64 (pem) encoded format.
Some FTP and text editor programs might corrupt the format.

4. UTF8String or Universal12 encoding is not supported in the generation of the CSR from your application.

Please re-submit your CSR using the above guidelines. If you experience the same problem, please  state your Operating System and Server Software relating to the keypair generation. 

For more information on generating a Certificate Signing Request (CSR), please refer to your web server documentation or, for popular web server instructions, please visit our Web Server Support section by clicking here.



Affected Products:

  • Entrust Certificate Services Enhanced Service Account Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Web Hoster Service Account Version Not Applicable English Platform Not Applicable