Knowledge Base

 

  

 

  Issue Overview
If You have encountered an error message while trying to install a security certificate. The error states:
 
"Invalid Public Key Security Object File - This file is invalid for use as the following: Security Certificate."
 
This error often occurs when a certificate installation process is disrupted or if the certificate file is incorrectly formatted or corrupted. In your case, this happened on the same system where you generated the Certificate Signing Request (CSR) using the Windows Certificate Manager, which indicates a specific problem with the file or installation process.
 
 Possible Causes of the Error

1. Incorrect File Format: You might be trying to install a certificate file in a format that is not supported by the Windows Certificate Manager. The certificate file extension .crt may not match what Windows expects, such as .pfx or .cer.
2. Certificate Corruption: The certificate file may have been corrupted during download or transfer.
3. Mismatched Certificate and CSR: The certificate you are attempting to install may not match the CSR generated from the same system.
4. Improper Certificate Chain: The intermediate or root certificates necessary to verify the security certificate might be missing.

 
Steps to Resolve the Issue
1. Verify File Format

• Ensure that the certificate file format is correct.
• For Windows Certificate Manager, the most commonly accepted formats are .pfx, .cer, and .pem. If the file has a .crt extension, try converting it to .cer or .pem using the command line or OpenSSL.

Steps to Convert Using OpenSSL:

• To convert .crt to .pem:

 

openssl x509 -in cert.crt -out cert.pem

 

• To convert .crt to .cer:

 
Simply rename the file extension to .cer or convert using an online tool.
 
2. Redownload the Certificate

• The certificate might have been corrupted during the download. Redownload the certificate from the source (the Certificate Authority or vendor) to ensure that you have a valid file.

 
3. Match CSR and Certificate

• Ensure that the certificate corresponds to the CSR that was originally generated on your system. This can be checked by reviewing the CSR and certificate details for matching Common Name (CN) values.

 
Steps to Check CSR and Certificate:

• Open the CSR and the certificate in a text editor or use the following command with OpenSSL to display the contents:

Type equation here.
 

openssl req -text -noout -verify -in your_csr.csr openssl x509 -in your_cert.crt -text -noout

 

• Use an online tool for example:
  https://www.sslshopper.com/ssl-certificate-tools.html

 

4. Install Intermediate and Root Certificates

• If the certificate chain is incomplete, you will need to install the intermediate and root certificates provided by your Certificate Authority (CA). Download and install these certificates before installing your SSL certificate.

 
Steps to Install the Intermediate and Root Certificates:

• Download the necessary intermediate and root certificates from your CA.
• Import them using Windows Certificate Manager under the "Intermediate Certification Authorities" and "Trusted Root Certification Authorities" stores, respectively.

 
5. Install the Certificate Manually
If the file format is correct and the CSR matches, install the certificate manually through Windows Certificate Manager:
 
Steps to Install the Certificate:

1. Open the Certificate Manager: Press Windows Key + R, type mmc, and press Enter.
2. In the MMC console, go to File -> Add/Remove Snap-in, then choose Certificates and add it to the console.
3. Select My user account or Computer account, depending on where you want to install the certificate.
4. Right-click the Personal or Trusted Root Certification Authorities folder, depending on your certificate type.
5. Select All Tasks -> Import, and follow the wizard to install your .cer or .pfx file.

 
 
By following these steps, you should be able to resolve the error and successfully install your certificate. If you continue to experience issues, double-check that the CSR, certificate, and chain files are correct and uncorrupted, and ensure you have the correct administrative permissions for installation.