Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 4721 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot create email encryption S/MIME certificate object

Revan

Hello,

i want to import some S/MIME certs which came as *.cer files but the utm doesn`t want to import these files.

I always get the following error message:

Cannot create email encryption S/MIME certificate object: certificate data is malformed.

 

The certificates seems to be allright though, i can import them easily on my pc.

So what can i do?



This thread was automatically locked due to age.
Parents
  • +1

    Hi Revan,

    Certificates have to be uploaded to the UTM as Base 64 encoded and the UTM will only accept them as .pem file extension (I'm fairly certain, been a while since I've not changed them to .pem before uploading).

    Easiest way to check if it's Base64 encoded is to open up the certificate in Notepad and if the cert has the following properties:

    -----BEGIN CERTIFICATE-----
    MIIJkzCCB0egAwIBAgITTwAAAM8zqZL5RDcRtgAAAAAAzzBBBgkqhkiG9w0BA...

    -----END CERTIFICATE----

    Then it is Base64 encoded. If it cannot open in Notepad and comes up with a ton of junk characters then it is probably DER or other type encoded.

    To fix this, press Windows key + r and type certmgr.msc then go to Personal > Certificates and right click all tasks then Import.

    Import the certificate into your personal certificate directory then right click each certificate and export them as Base64 encoded.

    Once you have exported them all, change all the file extensions *.cer to *.pem and try again :)

    Just to test, change the extension before you do all the above just to see if it's an extension issue first.

    Hope that helps!

    Emile

Reply
  • +1

    Hi Revan,

    Certificates have to be uploaded to the UTM as Base 64 encoded and the UTM will only accept them as .pem file extension (I'm fairly certain, been a while since I've not changed them to .pem before uploading).

    Easiest way to check if it's Base64 encoded is to open up the certificate in Notepad and if the cert has the following properties:

    -----BEGIN CERTIFICATE-----
    MIIJkzCCB0egAwIBAgITTwAAAM8zqZL5RDcRtgAAAAAAzzBBBgkqhkiG9w0BA...

    -----END CERTIFICATE----

    Then it is Base64 encoded. If it cannot open in Notepad and comes up with a ton of junk characters then it is probably DER or other type encoded.

    To fix this, press Windows key + r and type certmgr.msc then go to Personal > Certificates and right click all tasks then Import.

    Import the certificate into your personal certificate directory then right click each certificate and export them as Base64 encoded.

    Once you have exported them all, change all the file extensions *.cer to *.pem and try again :)

    Just to test, change the extension before you do all the above just to see if it's an extension issue first.

    Hope that helps!

    Emile

Children
Unfiltered HTML