SecureBlackbox 16: Why does validation of certificates fail with the following error: CA certificate not found?


Certificates in a PKI (public key infrastructure) form a chain up to a trusted root certificate. Complete validation includes building this chain and validating each certificate in it (except the trusted root, which is trusted as is). If the chain contains several certificates, the validator must be able to find each CA certificate in the chain up to the root.

On Windows, in many cases, SecureBlackbox uses the system certificate stores (the CA and ROOT stores) for CA and root certificates respectively. Unix systems have no unified store comparable to the Windows stores, and the certificate stores of macOS, iOS, and Android are currently not supported. Consequently, in many situations SecureBlackbox cannot find the CA certificate because no such store is available.

The solution is straightforward: your application needs to carry its own lists of known CA certificates and of trusted ROOT certificates. This is exactly what Firefox and Adobe software do, and so do many other applications.
