Custom CA - Peer Certificate

I'm trying to create a peer certificate (in this case the Server certificate) but it is failing with the following message:

Failed to create certificate: Creating and signing peer certificate failed. Check peer certificate validity, certification authority validity and their overlap.: Trace info: CreatePeerCertificate: Peer certificate validity is not fully covered by certification authority validity

It looks like some validation between the CA I provide and the certificate SMC is generating for signature is failing some validation. Could someone help me understand what the requirements of both are to make this work?

The only difference compared to a CA generated from SMC is the number of bits of the RSA key.



  • ESET Staff

The problem seems to be the selected validity of the certificate. The new certificate's validity cannot exceed the validity of the certificate authority used for signature. So, for example, if the CA certificate is valid for the next 7 years, you cannot use it to create/sign a certificate that is supposed to be valid for the next 10 years.

I would recommend checking the CA certificate validity and configuring the new to-be-signed certificate to not exceed the validity of the CA certificate.


Just an additional word on this for other users' information.

When we create a peer certificate in ESET, we specify the validity period dates (start, end). Be aware that it will assume 00:00 hours and minutes of the start date. This means that if we created the custom root CA that is provided on the same day (for example 2019-11-12 13:20), ESET will very probably fail because it is trying to sign a certificate whose validity starts before that of the root CA (2019-11-12 00:00).

Edited by Jean M
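
A pre-flight check for the two failure cases described in this thread (peer validity ending after the CA's, and a date-only start that falls before the CA's notBefore), as an added example that is not part of the original posts and not ESET code. The function names and sample dates are constructed, and treating a date-only value as 00:00 UTC is an assumption.

```python
from datetime import date, datetime, time, timedelta, timezone

# Constructed sample in the format printed by `openssl x509 -noout -dates`.
CA_DATES = """notBefore=Nov 12 13:20:00 2019 GMT
notAfter=Nov 10 13:20:00 2026 GMT"""


def parse_openssl_dates(text):
    """Return (notBefore, notAfter) as timezone-aware UTC datetimes."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        stamp = datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y %Z")
        fields[key.strip()] = stamp.replace(tzinfo=timezone.utc)
    return fields["notBefore"], fields["notAfter"]


def midnight(day):
    # Assumption: the console expands a date to 00:00 UTC; adjust if it uses local time.
    return datetime.combine(day, time.min, tzinfo=timezone.utc)


def check_peer_window(ca_dates, start_day, end_day):
    """List the ways the requested peer validity falls outside the CA validity."""
    ca_start, ca_end = parse_openssl_dates(ca_dates)
    problems = []
    if midnight(start_day) < ca_start:
        problems.append(f"peer starts {midnight(start_day)} before CA notBefore {ca_start}")
    if midnight(end_day) > ca_end:
        problems.append(f"peer ends {midnight(end_day)} after CA notAfter {ca_end}")
    return problems


def earliest_start_day(ca_dates):
    """First calendar day whose 00:00 is not earlier than the CA's notBefore."""
    ca_start, _ = parse_openssl_dates(ca_dates)
    day = ca_start.date()
    return day if midnight(day) >= ca_start else day + timedelta(days=1)


if __name__ == "__main__":
    # Same-day start and a 10-year request against a roughly 7-year CA: both bounds fail.
    for problem in check_peer_window(CA_DATES, date(2019, 11, 12), date(2029, 11, 12)):
        print(problem)
    print("earliest usable start date:", earliest_start_day(CA_DATES))
```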

This topic is now closed to further replies.