a Certificate chain could not be built to a trusted root authority
Posted by Conleth Overton on 22/05/18 15:14
Unable to authorise / sign - Error 'a certificate chain could not be built to a trusted root authority'
This issue can occur when the smart card certificates have not been installed correctly or the certificates no longer reside in the correct certificate stores. To correct this please follow the instructions below to install the certificates:
We recommend that this is done by somebody in your IT department who has full access to the server and is familiar with your IT infrastructure.
1. Make sure the smart card is inserted into the card reader with a solid green light. If you do not have a solid green light this may mean the PC cannot talk to the smart card. Please see the following article to diagnose this https://help.bottomline.co.uk/help/help/smartcards/kb-smartcard-1001
2. Launch the Gemalto toolbox as an administrator by browsing to 'Start' > type in the search bar 'Classic Client Toolbox' > Hold down shift and right click the 'classic toolbox exe' and click run as administrator.
3. Within the toolbox choose 'Certificates'.
4. On the right hand side Gemalto will show a list of all your certificates. Select the certificate named 'Identrus Root CA cert' or may be called just 'Root CA Cert' and click 'show details'.
5. Choose 'install certificate' and click 'Next'.
6. Under certificate store you will need to select the correct store as follows:
a. Click 'place all certificates in the following store' and click 'browse'.
b. Tick 'Show physical stores' and in the small box scroll up to 'Trusted Root Certificate Authorities'.
c. Click the cross next to 'Trusted Root Certificate Authorities' and select 'Local Computer'.
Please Note: If the local computer does not exist you either are not running the application as an administrator or the account your are using is not an admin. To correct this you will need to close down and relaunch the application as an admin, Grant additional admin rights to the user you are logged in as or log out completely and do this as a different user.
d. Once local computer is selected click 'OK', Next and then 'Finish'.
e. Once you receive a message saying the import was successful click 'OK'.
7. Once you have installed the root Ca Cert you will need to do steps 5 and 6 again but this time select 'Identity Ca cert'.
8. Once all the above has been completed try signing/sending your submission again.