Certificate error when uploading to Sophos Email Appliance

Question

Hi,

I've got a .pem certificate to upload to the Sophos Email Appliance. When i try to upload it, it errors with

"Invalid Chain Cert".

It is a UC Certificate from Comodo. I've tried uploading trust certificate authority but it says its already there or duplicated.

The .pem file contains the certificate AND the private key that was generated from another server.

Looking within the .pem I can see the intermediate certificate.

This certificate was originally generated by Exchange 2010, ive exported it as .pfx and then used OpenSSL to convert it to .pem.

If I didnt do that process then the .pfx was rejected by Sophos as invalid certificate.

Any help or pointers would be great

This thread was automatically locked due to age.

ParseqAdmin · Accepted Answer

i managed to sort this out after sophos support asked how i was importing the intermediate cert, IE the .pem file included the cert, inter, and root cert. So i edited the .pem file with wordpad and removed the last 2 cert sections, leaving just the 1st cert in, and saved the file. I then imported this into the es1000 and it worked fine.

the issue i think is because the es1000 by default had the same root cert as what was included in my .pem file!