We bought a Verisign certificate, and I’m triying to make a cross certificate. I imported the certificate to Certificates View of Domino, but when I follow the wizard for create the cross certificate, I get this message:“A cross certificate will not be made due to key usage restrictions in the input certificate”
Any orientation, welcome.
Best regards.
Subject: Re: Key usage restrictions in the input certificate
Got same error.
Server version 8.5.2FP2.
Certificate is *.company.com and strength is 2048.
I have no idea how to solve this.
Subject: Certify at a higher level
Although this may be too late, the solution to this problem is to not cross certify at the issued SSL certificate level (eg, your “*.company.com” certificate) but to cross certify at the issuing certificate level (eg, “Verisign Class 3 Secure Server GA”).
Once that’s done, you can push the internet cross certificate down to your clients through a Security desktop policy (Keys & Certificates tab, Administrative Trust Defaults section).
Subject: Technote
This is an additional technote explaining you have to use the highest level of the certificate