The Access Manager Certificate Authority requires that all certificate key pairs in .pfx format contain the complete certificate chain. If a key pair was created with multiple CAs and the exported certificate does not contain the complete certificate chain, the file cannot be imported into Access Manager. When you try to import such a certificate, the following error message is displayed:
"Error importing certificate key pair: Error: Error: -1403
When exporting the certificate key pair, ensure that you include all the certificates in the certification path.
To ensure that your certificate contains all the intermediate certificates and contains them in the right order, import the certificate into Internet Explorer or Firefox.
Internet Explorer: click Tools > Internet Options > Content > Certificates > Personal > Import.
Firefox: click Tools > Options > Advanced > Encryption > View Certificates > Your Certificates > Import.
Make sure the browser contains the public key for all the intermediate CAs. Then select the certificate and export the certificate in the .pfx format. In Internet Explorer, you must select to include all the certificates in the chain. In Firefox, all the certificates in the chain are automatically included.
If you receive an error when importing the certificate, the error comes from either NICI or PKI. For a description of these error codes, see Novell Certificate Server Error Codes and Novell International Cryptographic Infrastructure.