When you create a certificate signing request, send it to a third-party issuer to be signed, and receive the server certificate from the third-party issuer, you sometimes receive a -1226 error when you try to import the signed certificate. You receive this error when the issuer does not send back the trusted roots required to validate the issuer of the server certificate.
Use one of the following options to resolve this issue:
If the issuer included the trusted root and any intermediate certificates in a separate file or files, specify these files during the import by clicking the + character that allows you to add a trusted root or an intermediate certificate.
If the issuer did not send you any additional files, you can go to the issuer’s Web site, download them, then specify these files during the import by clicking the + character that allows you to add a trusted root or an intermediate certificate.
You can try importing the certificate into Internet Explorer, which has the trusted roots from all major CAs, then export the certificate with the required chain of trusted roots. See Section 44.1.1, Using Internet Explorer to Add a Trusted Root Chain.
The following procedure only works when Internet Explorer contains the trusted root certificate of the issuer of your certificate.
1. In Internet Explorer, click > > > .
2. Click and import your server certificate into the tab.
3. Click , then double-click on your certificate.
4. Click .
   If the shows that the certificate is OK, you now have the full certificate chain available for export. Click , then continue with Step 5.
   If the is not OK, you cannot use this method. Click , then contact your issuer for the certificate chain.
5. Select the certificate, then click > .
6. Select as the format and select to include the certificate chain.
7. Click , then specify a filename and path for the file.
8. Click > .
9. Use this P7B file to import your server certificate into Access Manager.
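
As a command-line complement to the options above (an added example, not part of the original documentation or the product), the functions below use OpenSSL 1.1.0 or later to confirm that a server certificate validates with only the root and intermediate files you hold, then bundle them into a P7B. The function names, file names and the constructed test hierarchy built by `make_ca_chain` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: file names are assumptions; the CA hierarchy is constructed test data.

# make_ca_chain DIR: build a constructed root -> intermediate -> server hierarchy.
make_ca_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root inter server; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
            -subj "/CN=constructed-$n" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" \
        2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -CAcreateserial -days 2 -out "$d/server.pem" 2>/dev/null
}

# chain_ok SERVER ROOT [INTERMEDIATES]: succeeds only when SERVER validates up to
# ROOT using the supplied files (the default CA directory is not consulted).
chain_ok() {
    if [ -n "$3" ]; then
        openssl verify -no-CApath -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1
    else
        openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
    fi
}

# build_p7b OUT SERVER ROOT [INTERMEDIATES]: write a PKCS#7 (P7B) bundle holding
# the server certificate and its chain; refuse when the chain is incomplete.
build_p7b() {
    out=$1; server=$2; root=$3; inter=$4
    chain_ok "$server" "$root" "$inter" || { echo "incomplete chain" >&2; return 1; }
    set -- -certfile "$server" -certfile "$root"
    if [ -n "$inter" ]; then set -- "$@" -certfile "$inter"; fi
    openssl crl2pkcs7 -nocrl "$@" -out "$out"
}

# p7b_cert_count FILE: print how many certificates the bundle contains.
p7b_cert_count() {
    openssl pkcs7 -in "$1" -print_certs | grep -c '^subject'
}
```

For real files, call `build_p7b server.p7b server.pem root.pem intermediates.pem`; a failure means the files you hold do not form a complete chain to the root.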