I decided to request a BuyPass Go certificate. The request itself went fine but the export to pfx failed:
2020-11-27 14:29:29.877 +01:00 [ERR] Certificate request process failed: System.Exception: Failed to build certificate as PFX. Check system date/time is correct and that the issuing CA is a trusted root CA on this machine. :Can not find issuer ‘C=NO,O=Buypass AS-983163327,CN=Buypass Class 2 Root CA’ for certificate ‘C=NO,O=Buypass AS-983163327,CN=Buypass Class 2 CA 5’.
The pfx export fails because it cannot find the root certificate. The BuyPass Class 2 root is by default not in the trusted root store. Apparently this certificate is installed on first use…
So I have problem here. The certificate cannot be exported, but as long as I don’t open a BuyPass Go certificate the root won’t be available.
Is it required to include the root certificate itself in the pfx? Isn’t it enough to include just the intermediate/issueing ca certificate, just as you would on a web server?