Hello, I'm trying to import a certificate with mozilla firefox, I want to use this certificate to sign documents in PDF and Microsoft Word, but I get the following error: This certificate can not be verified and will not be imported. Maybe the issuer certificate is unknown or unreliable, perhaps the certificate expired or been revoked, or has not been approved. Here are the steps I perform to reproduce the error: On the client side: 1.- Enter the url "https://pki.mydomain.mx:9444/ca/ee/ca/" in the browser Mozilla Firefox 2.- Select Certificate Profile Name "Manual User Dual-Use Certificate Enrollment" 3.- Change Key Generation Request from 512 to 2048 RSA (Encryption and Signing) 4.- Enter the UID and the Common name and click submit On the server side: 5.- Enter the url "https://pki.pgjtabasco.gob.mx:9445/ca/services" and select Agent services 6.- Find new certificate request and click the new certificate request 7.- Review the details of the certificate request 8.- Choose approve request and click on submit Again On the client side: 9.- Check request status 10.- Choose Issued certificate 11.- Review Certificate contents Certificate: Data: Version: v3 Serial Number: 0x15 Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 Issuer: CN=Certificate Authority,OU=pki-ca,O=mydomain Domain Validity: Not Before: lunes 5 de mayo de 2014 22H49' CDT Mexico/General Not After: sábado 1 de noviembre de 2014 21H49' CST Mexico/General Subject: UID=Alex prueba,CN=Alexander prueba Subject Public Key Info: Algorithm: RSA - 1.2.840.113549.1.1.1 Public Key: Exponent: 65537 Public Key Modulus: (2048 bits) : C7:7F:A8:F4:1B:E7:63:61:8D:22:36:BF:2E:A1:78:98: 03:DC:2B:6D:8B:A0:5B:D9:09:CA:2A:85:E7:12:71:21: E3:33:04:6E:88:12:3C:A8:49:7B:6A:61:15:3C:D2:7C: 5E:C1:F9:A6:B9:3D:38:F7:66:90:34:5E:25:D1:B8:05: C4:C4:4D:DC:72:FC:DA:30:E6:D8:DE:2D:54:01:ED:95: 97:BE:AD:03:4D:44:F6:5D:D2:1A:FD:02:1A:07:85:5A: 34:EA:B4:A8:49:AD:E9:AD:28:DD:36:A6:E9:8D:72:A0: 5F:B4:EF:5F:F2:9E:A0:0B:00:52:F4:8F:65:6F:22:53: 80:C8:9A:E6:5F:B9:01:EC:69:27:CF:80:5D:56:3D:05: 27:CD:C4:FC:E8:A2:08:C7:55:47:FF:5A:76:29:0B:CF: 4E:00:F4:F8:7E:A6:AE:A1:E5:74:A5:E8:5B:57:C7:BA: 0B:D0:C2:6E:53:53:C7:F6:32:30:C5:CC:2F:DC:3A:8C: 01:36:07:16:81:BC:C1:4E:76:44:46:3A:1B:89:64:8C: 58:AA:C4:54:43:EC:DC:FC:43:8C:7B:23:DD:C4:75:DA: E4:8A:0E:BF:33:10:B8:CD:A7:B4:1E:A0:80:50:15:A8: 9F:3D:DA:C6:45:E6:F3:94:F2:E8:36:68:57:ED:20:E5 Extensions: Identifier: Authority Key Identifier - 2.5.29.35 Critical: no Key Identifier: DC:B3:54:E7:39:AD:59:DF:3D:F4:DB:C6:6F:9C:86:CE: 91:83:EB:4A Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 Critical: no Access Description: Method #0: ocsp Location #0: URIName: http://pki.mydomain.mx:9180/ca/ocsp Identifier: Key Usage: - 2.5.29.15 Critical: yes Key Usage: Digital Signature Non Repudiation Key Encipherment Identifier: Extended Key Usage: - 2.5.29.37 Critical: no Extended Key Usage: 1.3.6.1.5.5.7.3.2 1.3.6.1.5.5.7.3.4 Signature: Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 Signature: 19:90:D1:56:76:B7:69:F8:6B:2B:F8:56:F1:5C:DA:CC: F1:D2:AB:DE:9F:C5:EF:DC:37:50:71:55:CE:66:58:C8: 06:3F:E1:22:04:74:E8:2F:99:AE:EA:02:0C:58:05:63: C9:8B:DF:D8:2B:DC:5D:A5:34:D9:42:2C:B5:C2:24:AD: 73:48:E2:5B:D8:1B:02:3F:83:4B:59:00:7F:D2:1C:0D: 5E:10:B3:34:31:CF:4E:4E:38:3C:1E:47:6B:A7:1A:9D: D2:AF:3B:73:7C:1B:01:0E:E9:6B:81:63:D1:70:DF:B1: A0:36:C0:D5:AE:DB:6B:41:14:F6:25:C9:D2:69:CF:1A: 7F:CE:82:67:07:FA:CE:26:CE:78:71:31:47:2C:DF:64: 44:D9:1C:25:C0:F1:AE:E1:54:E2:F5:66:01:0F:62:5D: 5D:9B:23:83:44:6E:2A:4E:AA:9D:52:3F:34:F8:19:51: 61:96:CE:C2:03:3B:B2:F5:E3:C6:D7:62:F3:8A:8B:ED: 27:1F:4A:5F:56:4E:94:42:7A:CE:73:4D:EF:E6:85:FF: FA:31:CB:EC:C2:E7:C2:D6:EC:C3:22:FE:28:1C:D4:D7: 21:D9:8D:7B:02:38:54:56:7E:34:34:7B:D0:C7:ED:C7: B1:1A:EA:67:5A:B9:47:5D:2D:82:45:5E:D1:4F:1D:A7 FingerPrint MD2: 47:78:C3:CC:5B:76:A6:6F:CF:BC:E7:A4:9A:8B:C2:7F MD5: DD:42:A1:89:B7:0A:B1:0A:A9:84:2C:47:10:35:76:67 SHA1: 04:CF:4C:1E:5C:27:F2:B6:AF:BA:E0:64:32:FC:81:0F: D5:35:6D:BE SHA256: 18:98:CA:08:26:22:13:C1:37:3B:45:A5:29:B9:60:85: 55:55:A4:DC:27:C6:89:3E:8D:1A:40:D9:97:C9:3F:C4 SHA512: 36:51:19:47:D1:FB:67:7C:E7:B4:21:6B:50:1D:E1:74: 3E:6D:22:10:AA:CC:DD:4D:84:2E:5E:58:47:69:1D:C1: AC:35:A9:18:5E:16:DF:82:F8:3B:B9:DE:BF:EB:03:1E: 8B:E9:92:DE:9D:FE:DF:81:9A:B3:97:B5:50:56:A4:7F Installing this certificate in a server The following format can be used to install this certificate into a server. Base 64 encoded certificate -----BEGIN CERTIFICATE----- MIIDnjCCAoagAwIBAgIBFTANBgkqhkiG9w0BAQsFADBQMR0wGwYDVQQKExRQZ2p0 YWJhc2NvR29iIERvbWFpbjEPMA0GA1UECxMGcGtpLWNhMR4wHAYDVQQDExVDZXJ0 aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTQwNTA2MDM0OTMzWhcNMTQxMTAyMDM0OTMz WjA4MRkwFwYDVQQDExBBbGV4YW5kZXIgcHJ1ZWJhMRswGQYKCZImiZPyLGQBARML QWxleCBwcnVlYmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHf6j0 G+djYY0iNr8uoXiYA9wrbYugW9kJyiqF5xJxIeMzBG6IEjyoSXtqYRU80nxewfmm uT0492aQNF4l0bgFxMRN3HL82jDm2N4tVAHtlZe+rQNNRPZd0hr9AhoHhVo06rSo Sa3prSjdNqbpjXKgX7TvX/KeoAsAUvSPZW8iU4DImuZfuQHsaSfPgF1WPQUnzcT8 6KIIx1VH/1p2KQvPTgD0+H6mrqHldKXoW1fHugvQwm5TU8f2MjDFzC/cOowBNgcW gbzBTnZERjobiWSMWKrEVEPs3PxDjHsj3cR12uSKDr8zELjNp7QeoIBQFaifPdrG RebzlPLoNmhX7SDlAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU3LNU5zmtWd899NvG b5yGzpGD60owRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vcGtp LnBnanRhYmFzY28uZ29iLm14OjkxODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAw HQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IB AQAZkNFWdrdp+Gsr+FbxXNrM8dKr3p/F79w3UHFVzmZYyAY/4SIEdOgvma7qAgxY BWPJi9/YK9xdpTTZQiy1wiStc0jiW9gbAj+DS1kAf9IcDV4QszQxz05OODweR2un Gp3SrztzfBsBDulrgWPRcN+xoDbA1a7ba0EU9iXJ0mnPGn/OgmcH+s4mznhxMUcs 32RE2RwlwPGu4VTi9WYBD2JdXZsjg0RuKk6qnVI/NPgZUWGWzsIDO7L148bXYvOK i+0nH0pfVk6UQnrOc03v5oX/+jHL7MLnwtbswyL+KBzU1yHZjXsCOFRWfjQ0e9DH 7cexGupnWrlHXS2CRV7RTx2n -----END CERTIFICATE----- Base 64 encoded certificate with CA certificate chain in pkcs7 format -----BEGIN CERTIFICATE----- MIIHnAYJKoZIhvcNAQcCoIIHjTCCB4kCAQExADAPBgkqhkiG9w0BBwGgAgQAoIIH bTCCA54wggKGoAMCAQICARUwDQYJKoZIhvcNAQELBQAwUDEdMBsGA1UEChMUUGdq dGFiYXNjb0dvYiBEb21haW4xDzANBgNVBAsTBnBraS1jYTEeMBwGA1UEAxMVQ2Vy dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE0MDUwNjAzNDkzM1oXDTE0MTEwMjAzNDkz M1owODEZMBcGA1UEAxMQQWxleGFuZGVyIHBydWViYTEbMBkGCgmSJomT8ixkAQET C0FsZXggcHJ1ZWJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3+o 9BvnY2GNIja/LqF4mAPcK22LoFvZCcoqhecScSHjMwRuiBI8qEl7amEVPNJ8XsH5 prk9OPdmkDReJdG4BcTETdxy/Now5tjeLVQB7ZWXvq0DTUT2XdIa/QIaB4VaNOq0 qEmt6a0o3Tam6Y1yoF+071/ynqALAFL0j2VvIlOAyJrmX7kB7Gknz4BdVj0FJ83E /OiiCMdVR/9adikLz04A9Ph+pq6h5XSl6FtXx7oL0MJuU1PH9jIwxcwv3DqMATYH FoG8wU52REY6G4lkjFiqxFRD7Nz8Q4x7I93Eddrkig6/MxC4zae0HqCAUBWonz3a xkXm85Ty6DZoV+0g5QIDAQABo4GaMIGXMB8GA1UdIwQYMBaAFNyzVOc5rVnfPfTb xm+chs6Rg+tKMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL3Br aS5wZ2p0YWJhc2NvLmdvYi5teDo5MTgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXg MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOC AQEAGZDRVna3afhrK/hW8VzazPHSq96fxe/cN1BxVc5mWMgGP+EiBHToL5mu6gIM WAVjyYvf2CvcXaU02UIstcIkrXNI4lvYGwI/g0tZAH/SHA1eELM0Mc9OTjg8Hkdr pxqd0q87c3wbAQ7pa4Fj0XDfsaA2wNWu22tBFPYlydJpzxp/zoJnB/rOJs54cTFH LN9kRNkcJcDxruFU4vVmAQ9iXV2bI4NEbipOqp1SPzT4GVFhls7CAzuy9ePG12Lz iovtJx9KX1ZOlEJ6znNN7+aF//oxy+zC58LW7MMi/igc1Nch2Y17AjhUVn40NHvQ x+3HsRrqZ1q5R10tgkVe0U8dpzCCA8cwggKvoAMCAQICAQEwDQYJKoZIhvcNAQEL BQAwUDEdMBsGA1UEChMUUGdqdGFiYXNjb0dvYiBEb21haW4xDzANBgNVBAsTBnBr aS1jYTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE0MDQzMDA1 MDkyNFoXDTIyMDQzMDA1MDkyNFowUDEdMBsGA1UEChMUUGdqdGFiYXNjb0dvYiBE b21haW4xDzANBgNVBAsTBnBraS1jYTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0 aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+TFt8NY+Llt qsOAswT0oCvc/7XECJ4ftQKCrP6Y/O168tW1TOBG5fm5NXY7u7QyXC8HWWuC24XS p5tgOhgtHnhAnyCj8isn4VvzxIdVFMPFlSjwJN3uKkGKq2jXojOZKPL7pK2Tzm4l w+v5G89uQ0JSxqAG9x9EUWQ2UFIXaGrby7V5GaRh6H7OLWqGn/ZpZHcMhZPFGTED lbLK7BNCP8TnOBfNYjkUGF41F+n559H2EblvjB3nnrRAcUZt0s5MGCcDp3wexWHF Exo2/DoKY3vYdRuaUVKeqXGZGrawuymD0rzS7/aS+WeEgljg8Dh2vqtWeF/2AzhL KvIm0y+2kwIDAQABo4GrMIGoMB8GA1UdIwQYMBaAFNyzVOc5rVnfPfTbxm+chs6R g+tKMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTc s1TnOa1Z3z3028ZvnIbOkYPrSjBFBggrBgEFBQcBAQQ5MDcwNQYIKwYBBQUHMAGG KWh0dHA6Ly9wa2kucGdqdGFiYXNjby5nb2IubXg6OTE4MC9jYS9vY3NwMA0GCSqG SIb3DQEBCwUAA4IBAQAhjq/FFqF/Nlobc90zHZ2dWmkYZvWZMVk+zVVSAlFyClxi draCo3uwNlmYnHnN0m8SPoejjohr58lOOOFRp6uh+DTtX7wdxXZo49cN8SrRBGrV csrWAce2pMltEom4qcgbVaOKeUl2kQk7SKdkXuvdEQd9MutG8qrBRUMIdgP4YkOb JY87ckIixpX5fDMcJ1kMD57bhDjEIOcPZ3IEs2NZbYerBulsYg1gD8BjQObHbRrw VCZmtx9sJepkzK0VacCwwJWZ8MRsg25OLQKyV1dNiyW82wEIJJbpeGYs6ctaJwHt +UkabdvkB7nrBSMHhg+STIh+F2qpMLyY5yfxCxvvMQA= -----END CERTIFICATE----- 12.- Click import your certificate 13.- I get message: "This certificate can not be verified and will not be imported. Maybe the issuer certificate is unknown or unreliable, perhaps the certificate expired or been revoked, or has not been approved." Note: I added numbered images for more detail as well as the details of the certificate.