How To: Validate Your Third Party Certificate Chain on the CSA

Version 4

    Verified Product Versions

    LANDESK Management Suite 2016.x

    Purpose:

     

    The purpose of this document is to help make sure that your third party certificate chain is added correctly to your CSA. This can help with other issues but is typically used to get MDM to work on LANDesk Management Suite 2016.

     

    How to:

     

    This is for after you have added your third party certificate to your CSA by following: How To: Add a Third Party Certificate to a Cloud Service Appliance

    Please do not use this document if you are using self signed certificates from LANDesk

     

    • In a web browser, navigate to https://whatsmychaincert.com/ and type in the public name of your CSA. This is going to connect to your CSA on port 443 and test the certificate.

    whatsmychaincert.PNG

     

    • If it shows as misconfigured, you will want to click "This" and it will download a certificate.

     

    Misconfigured.PNG

     

    Note: If you click "this" and get the below message, please refer back to: How To: Add a Third Party Certificate to a Cloud Service Appliance

    You will get the below message if you are using self signed certs, or if the whatsmychaincert site cannot determine the actual chain from the certificate authority.

    An error occurred when building the chain for this certificate. The certificate might lack necessary meta-data or its certificate authority might be malfunctioning. Details:

     

    * The chain contains an untrusted certificate without standard CA issuer information (subject = "dnQualifier=20160510081208, C=US, ST=Utah, L=South Jordan, O="Copyright (C) 2009, LANDesk Software Ltd.", OU="Copyright (C) 2009, LANDesk Software Ltd.",

    CN=chell.landesk.com"; issuer = "dnQualifier=20160506073647, C=US, ST=Utah, L=South Jordan, O="LANDesk(R) Software, Ltd.", OU="Copyright (C) 2009, LANDesk Software Ltd.", CN=Management Gateway (RA)"; error code = 20)

     

     

    • Open the certificate with notepad++ (or notepad will work) and review the contents.
    • Compare the contents of the certificate that it gave you to the certificates that you received from the third party vendor to find the missing certificate. You can also just copy the contents of the cert that whatsmychaincert gave you and add that to the chain that you currently have. Below is the order that the certificates need to be copied in:

     

    End Entity (server cert)
    Intermediate
    CA

     

    Be sure that you remove the old certificates from the CSA prior to attempting to add the chain.

     

    • If you were able to add the certificate chain correctly, you should see this:

     

    correct chain.PNG

     

    • If you still get the "Misconfigured" message, please remove the certificates off of the CSA and add them again in a different order.