Question

Invalid parameter when importing the CA-Signed certificate

Forum|Forum|12 days ago
November 3, 2025
3 replies
36 views

+2

rolansaad
7 replies

I am encountering the error while importing the CA-signed certificate using CvCertTool.

windows cli:

cvCertTool -ca-root-cert-filename "C:\cvct_workspace\cacerts\cs1.cer" -workspace C:\cvct_workspace import-ca-certs

Below is the logs:

INFO CertToolConfig:<init>:279 - Workspace log settings updated
INFO CertToolConfig:readPropertiesFile:529 - Checking for workspace configuration file: C:\cvct_workspace\cvct.properties
INFO CertToolConfig:readPropertiesFile:537 - Loading workspace configuration file
INFO CertToolConfig:inferKeystoreType:614 - Unable to infer keystore-type from keystore-filename value - using default value: PKCS12
INFO CertToolConfig:readPropertiesFile:529 - Checking for state file: C:\cvct_workspace\.cvct_state
INFO CertToolConfig:readPropertiesFile:537 - Loading state file
INFO CvCertTool:logMessage:56 - Actions to perform: [import-ca-certs]
INFO CvCertTool:logMessage:56 - Processing action: import-ca-certs
INFO CvCertTool:logMessage:56 - Importing CA certificates
ERROR CvCertTool:logMessage:62 - If file names are provided for the CA root and/or intermediate certificates, then one must also be provided for the signed CA server certificate. If all of those values are omitted, then this tool will analyze all CA-provided certificate files and determine which is which automatically. Please check the values of the following properties: ca-root-cert-filename, ca-intermediate-cert-filename, and ca-server-cert-filename
ERROR CvCertTool:processActions:115 - Action failed: If file names are provided for the CA root and/or intermediate certificates, then one must also be provided for the signed CA server certificate. If all of those values are omitted, then this tool will analyze all CA-provided certificate files and determine which is which automatically. Please check the values of the following properties: ca-root-cert-filename, ca-intermediate-cert-filename, and ca-server-cert-filename
11/03 00:59:21 INFO CvCertTool:main:266 - CvCertTool exiting with code INVALID_PARAMETERS(101)

I cannot see any command help for CvCertTool to see if my syntax is correct or any documentation how to use properly the CvCertTool. Hope someone could share on on how to work the import ca cert command.

+19

Scott Moseman
Vaulter
536 replies
Forum|Forum|12 days ago
November 3, 2025

cvCertTool -ca-root-cert-filename "C:\cvct_workspace\cacerts\cs1.cer" -workspace C:\cvct_workspace import-ca-certs

https://documentation.commvault.com/2024e/commcell-console/importing_ca_signed_certificate.html

You specified the root cert, but what about the intermediate and server certs?

Thanks,
Scott

Commvault Enterprise Success

+2

rolansaad
Author
7 replies
Forum|Forum|12 days ago
November 4, 2025

Hi @Scott Moseman ,

The file i got from our security guy is this “cs1.cer” only. I dont know which it is from the one you have mentioned (root,intemerdiate, server cert).

and in order to import successfully do i expect that i need to get the root, intermediate and server cert from our security guy from the .csr file i submitted to them?

If there are also incorrect syntax from the one i provided above kindly help to suggest a correction.

This is the first time i followed the CV documentation and appreciate a lot for enlighten and guide me further.

+19

Scott Moseman
Vaulter
536 replies
Forum|Forum|11 days ago
November 4, 2025

Typically when getting a CA-signed cert, there’s at least 3 certs necessary.

Root Certificate: The top-level certificate issued by a trusted Certificate Authority (CA).
Intermediate Certificate(s): Bridge between the root and the end-entity certificate. There can be one or more.
End-Entity (Leaf) Certificate: The actual certificate used for authentication, encryption, or signing.

Thanks,
Scott

Commvault Enterprise Success

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded