Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

invalid certificate purpose

RexPGP_
Frequent Contributor
‎02-19-2013 04:36:AM
‎02-19-2013 04:36:AM

invalid certificate purpose

insatlled a new entrust exchange intermediate cert on two VPN code version 7.1r41. I then tried to install on a 7.3r3 code. I am getting the above error no matter what I do. I keep recovering the cert chains from importing system config and then deleteing more of the chain. I deleted entire entrust cert chain and reimported it.

 

I do get a warning on 7.1r41 code may be invalid but it works. My not be valid CA cert

0 Kudos
4 REPLIES 4
RexPGP_
Frequent Contributor
‎02-19-2013 09:16:AM
‎02-19-2013 09:16:AM

Re: invalid certificate purpose

I think I found answer in Forums

 

One error that we've noticed when re-importing the CA certificate that may have something to do with it:

"ERR23036 Invalid certificate purpose on \'O=xxxx OU=xxxx, CN=xxxxx\"

This issue was determined to be we did not have Basic Constraints:CA:TRUE in our CA. However after doing that it still was not working.

After a long battle I ended up rolling back to 7.1 R1.1 and then upgrading back to 7.1 R2 with the new CA and NOW everything is working.

The unfortunate part is no where in any documentation on the R2 upgrade does it say this CA requirement for basic constraints was added.

Message 24 of 37(623 Views)

Add Tag...

07-12-201104:52 PM

Dear zanyterp,

it indeed seems that our certificate is no longer working because we miss "Basic Constraits".

Now the question : Do we really need to re-issue our certificate and thereby have to replace all our client certificates aswell ? This would mean a lot of unneccessary work for us. Or is there an other way ?

0 Kudos
zanyterp_
Respected Contributor
‎02-19-2013 07:39:PM
‎02-19-2013 07:39:PM

Re: invalid certificate purpose

glad to hear you are working successfully now. yes, the restriction came in but was not release noted immediately until testing was found at other sites that RFC enforcement changes caused this behavior.

0 Kudos
RexPGP_
Frequent Contributor
‎02-20-2013 04:48:AM
‎02-20-2013 04:48:AM

Re: invalid certificate purpose

Entrust does not want to set intermediate to trusted or true. Is there plans to once again allow on newer code? I have Error and it allowed for now. We are going to upgrade and it will fail. I have 2 years to get answer

0 Kudos
RexPGP_
Frequent Contributor
‎02-20-2013 04:49:AM
‎02-20-2013 04:49:AM

Re: invalid certificate purpose

I have 7.1r41 code and it allowed for now

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.