Reset Search
 

 

Article

KB43777 - Pulse One certificate path validation during cert installation via serial console fails with error "Error: Existing CA bundle does not match certificate, unable to get issuer certificate"

« Go Back

Information

 
Last Modified Date10/24/2018 6:55 PM
Synopsis
This article describes an issue where Pulse One certificate installation or re-installation via serial console fails with error "Error: Existing CA bundle does not match certificate, unable to get issuer certificate"
 
Problem or Goal
After upgrading to Pulse One (On-Premise) 2.0.1808 and above, certificate installation may fail with the following message:
Error: Existing CA bundle does not match certificate, unable to get issuer certificate
This message did not appear from Pulse One 2.0.1743 and below.
Cause
This issue occurs due to a behavior change in Pulse One 2.0.1808 and above to validate the certificate chain prior to installing any device certificate.
Solution
From Pulse One 2.0.1808 and above, the validation of the certificate chain up to its root CA is required. If a certificate is missing from the CA-Bundle to the root CA, the error will be shown.  In the past versions, this is not fully enforced during installation or re-installation of the certificate, and would not produce an error.

Customer should check the certificate and ca-bundle and ensure that trust is complete to root CA.
Related Links
Attachment 1 
Created ByFelipe Acusa

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255