Skip to main content

Why do I receive an error message when I try to create an SSL certificate?

User-added image

When you try to generate a certificate through Entrust Cloud you may receive:

"An error has occurred with the creation of this certificate. Please refer to our troubleshooting steps by clicking here. If you still are experiencing problems, Entrust Datacard has been notified and will contact you during regular business hours to assist"

This error occurs when Entrust Datacard cannot generate a certificate based on the Certificate Signing Request (CSR) you have submitted.  The CSR may contain one or more of the following issues.

A. The CSR that was submitted may have included special characters in the challenge or revocation passphrase. Please use a passphrase which is alpha-numeric only.

B. If you are using a Webmethods server, please do not enter a revocation passphrase.

C. If you are using the BEA Weblogic certificate.war application on a Solaris system. The file produced is not Base64 encoded (pem) that meets Entrust standards.  You may try a different service pack or version of Weblogic, the private key generated can be moved to the actual server that is going to use it. Another option is to use java keytool to generate a JKS self-signed keystore and CSR from this keystore, which Entrust can then sign.

D. If you are using IKEMAN on a Unix system, please do not use any shift characters or special characters when creating the CSR. This includes &+#!@/ -=,.

When creating a CSR, please following these general guidelines:

1. Do not use special characters or shift characters in the challenge or revocation passphrase. These characters are unsupported.  This includes the following:
".,;-@#$%^&!*)(-+=<>?/:

2. Do not use special characters or shift characters in the Organization Unit level. These characters are unsupported. This includes the following:
".,;-@#$%^&!*)(-+=<>?/:

2. Bit key length size should be 2048, depending on application security requirements. Higher bit lengths are not supported.

3. The CSR should be in plain text ASCII Base64 (pem) encoded format.
Some FTP and text editor programs might corrupt the format.

4. UTF8String or Universal12 encoding is not supported in the generation of the CSR from your application.


Please re-submit your CSR using the above guidelines. If you experience the same problem, please  state your Operating System and Server Software relating to the keypair generation.

For more information on generating a Certificate Signing Request (CSR), please refer to your web server documentation or, for popular web server instructions, please visit our Web Server Support section by clicking here .

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088