xca

vpn3000 Invalid certificate chain ST

  1. 2009-03-01 20:51:51 UTC

    Hello,

    I have been trying to install a CA into the CiscoVPN3000 for many months...

    I used the guide from innominate [1].

    [1] http://www.innominate.de/images/stories/documents/interop/Interop_mGuard_Cisco3000.pdf

    - Step 4: Sign the certificate request with the CA using XCA
    ...
    - export CRT as PEM
    - Step 5: Import of the signed Cisco certificate on the Cisco device
    - Install certificate obtained via enrollment

    Error:
    Error installing identity certificate: Invalid certificate chain.


    I have already made many attempts.
    Now I have found a difference: SP vs. ST

    -----
    - CA
    Administration | Certificate Management | View
    Subject                  Issuer
    CN=cavpn                 CN=cahrz
    OU=hrz                   OU=hrz
    O=fh-lausitz             O=fh-lausitz
    L=Senftenberg            L=Senftenberg
    SP=Brandenburg           SP=Brandenburg
    C=DE                     C=DE
    EA=pki@fh-lausitz.de     EA=pki@fh-lausitz.de

    ---
    - CR
    Administration | Certificate Management | View Enrollment
    Subject                  Issuer
    CN=cavpn                 N/A
    OU=hrz
    O=fh-lausitz
    L=Senftenberg
    SP=Brandenburg
    C=DE
    -----
    11 03/01/2009 16:36:05.950 SEV=5 CERT/99 RPT=4
    Enrollment Session Created
    Session/request/ca cert handles: 3/7/-1
    Request Method=Manual, Cert Type=Identity, Request Type=Initial
    Subject DN: CN=cavpn,O=fh-mydomain,L=Senftenberg,ST=Brandenburg,C=DE,OU=hrz
    328 03/01/2009 17:04:37.080 SEV=4 CERT/31 RPT=6
    Unable to complete certificate chain, reason = Incomplete chain
    ----
    $ openssl x509 -text -in cavpn_1.crt | egrep "Serial|Issuer:|Subject:"
    Serial Number: 4 (0x4)
    Issuer: C=DE, ST=Brandenburg, L=Senftenberg, O=fh-mydomain, OU=hrz, CN=cavpn/emailAddress=pki@fh-mydomain.de
    Subject: CN=cavpn, OU=hrz, O=fh-mydomain, L=Senftenberg, ST=Brandenburg, C=DE/emailAddress=pki@fh-mydomain.de

    -----

    Can that be the cause of this problem?
    Any suggestions?


    debian etch
    xca--0.6.3 (cannot use 0.6.4)

    Regards Trosten
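
The CA listing in the post shows cavpn as itself issued by cahrz, and the device log reports an incomplete chain. As an added example (not part of the original post or of XCA), the script below builds a constructed chain with those two CA names and shows how to check issuer linkage with openssl and how verification behaves when only the intermediate is available. The file names, the `example` organisation, the `device` subject and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example. Constructed test chain: cahrz (root) -> cavpn (intermediate) -> device.
set -eu

make_chain() (  # $1 = existing empty directory; body runs in a subshell
  cd "$1"
  printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > ca.cnf
  # Self-signed root CA "cahrz"
  openssl req -config ca.cnf -x509 -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout root.key -out root.crt -subj "/C=DE/O=example/CN=cahrz" -days 2 2>/dev/null
  # Intermediate CA "cavpn", signed by the root
  openssl req -config ca.cnf -new -newkey rsa:2048 -nodes \
    -keyout int.key -out int.csr -subj "/C=DE/O=example/CN=cavpn" 2>/dev/null
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -set_serial 2 \
    -extfile ca.cnf -extensions v3_ca -days 2 -out int.crt 2>/dev/null
  # Identity certificate for the device, signed by the intermediate
  openssl req -config ca.cnf -new -newkey rsa:2048 -nodes \
    -keyout dev.key -out dev.csr -subj "/C=DE/O=example/CN=device" 2>/dev/null
  openssl x509 -req -in dev.csr -CA int.crt -CAkey int.key -set_serial 4 \
    -days 2 -out dev.crt 2>/dev/null
)

# True when openssl's issuer name hash of $1 equals the subject name hash of $2.
issuer_matches() {
  [ "$(openssl x509 -noout -issuer_hash -in "$1")" = \
    "$(openssl x509 -noout -subject_hash -in "$2")" ]
}

# $1 = trusted CA file, $2 = certificate to verify, $3 = optional untrusted intermediates
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

demo() {
  d=$(mktemp -d); make_chain "$d"
  issuer_matches "$d/dev.crt" "$d/int.crt" && echo "dev.crt names cavpn as issuer"
  chain_ok "$d/int.crt" "$d/dev.crt" || echo "only cavpn available: chain incomplete"
  chain_ok "$d/root.crt" "$d/dev.crt" "$d/int.crt" && echo "cahrz + cavpn: chain verifies"
  rm -rf "$d"
}
demo
```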
