Hi, Firstly, I'm fairly new to this - so apologies if I don't describe this very well, or leave out any obvious info....
We use PKI certs generated by a third party - and I'm in the process of installing the Vsphere v7 certificate. We've got a process which I've followed once before and been fine. But this time, after I install the certificate, Firefox gives me a "SEC_ERROR_CERT_NOT_IN_NAME_SPACE" error.
The only other Browser we have on our system is IE. When I entered the url of the Vsphere server, in IE - it did give me the Vsphere login screen OK. When I clicked on the padlock in the address bar, the new certificate was there, complete with its chain (Root CA and intermediate) and the dates were as expected. So it look like the PKI cert install has worked. However, I need it to work in Firefox. I'm a bit out of ideas.
I did find this post:
https://security.stackexchange.com/questions/188914/certifying-authority-for-this-certificate-is-not-permitted-to-issue-a-certificat
But when I checked the Permitted name constraints of our intermediate CA, the expected domain was in there, so I assumed that wasn't the issue (if I've understood this correctly).
Any thoughts would be much appreciated.
Thanks.
Hi, Firstly, I'm fairly new to this - so apologies if I don't describe this very well, or leave out any obvious info....
We use PKI certs generated by a third party - and I'm in the process of installing the Vsphere v7 certificate. We've got a process which I've followed once before and been fine. But this time, after I install the certificate, Firefox gives me a "SEC_ERROR_CERT_NOT_IN_NAME_SPACE" error.
The only other Browser we have on our system is IE. When I entered the url of the Vsphere server, in IE - it did give me the Vsphere login screen OK. When I clicked on the padlock in the address bar, the new certificate was there, complete with its chain (Root CA and intermediate) and the dates were as expected. So it look like the PKI cert install has worked. However, I need it to work in Firefox. I'm a bit out of ideas.
I did find this post:
https://security.stackexchange.com/questions/188914/certifying-authority-for-this-certificate-is-not-permitted-to-issue-a-certificat
But when I checked the Permitted name constraints of our intermediate CA, the expected domain was in there, so I assumed that wasn't the issue (if I've understood this correctly).
Any thoughts would be much appreciated.
Thanks.