MID Server TrustStore migrator will not migrate certificates flagged as CA-issued - Known Error

MID Server TrustStore migrator will not migrate certificates flagged as CA-issued Description The MID Server truststore migrator attempts to identify user-created self-signed certificates by evaluating the certificate's basic constraint extension (must = -1). If a user generates a trust chain and uploads it to their bundled truststore, by necessity that extension will not evaluate to -1 the for root and intermediate certificates in the chain: They must be flagged as CA-issued to sign other certificates. These certificates will be skipped during migration.

Steps to Reproduce

Create a trust chain, including root, intermediate, and leaf certificates. Upload the root and intermediate certificates to the MID Server bundled JRE's cacerts file. Upgrade the MID Server. Notice that the contents of cacerts file after upgrade, root and intermediate certificates will not have been migrated.

Workaround This problem has been fixed. If you are able to upgrade, review the Fixed In or Intended Fix Version fields to determine whether any versions have a planned or permanent fix.

If this has happened to you, the root and intermediate certificates will need re-importing to cacerts. Once one cacerts file has been updated, it can be re-used on any other MID Servers requiring the same certificates.