Troubleshoot site and NASH certificate issues

When running HI lookups or accessing My Health Record from Bp Premier, you may receive one of the following errors:

  • An error occurred attempting to connect to the HI service. No certificate was found with serial number 'nnnnnn'.
  • An error occurred attempting to connect to the HI service. Keyset does not exist.
  • Unable to access a PCEHR for this patient. Could not establish secure channel for SSL/TLS with Authority Error.
  • Unable to access My Health Record for this patient. Certificate was not found with criteria 'xxxxxx'.

These errors are caused by the Site and NASH certificates not being imported correctly, or Windows not trusting a PKI certificate because the Medicare certificate did not install.

For most Bp Premier installations, certificates for My Health Record are only installed on the Bp Premier server. When Bp Premier is started on a client computer, the client will pull any updated certificates from the server and install them in the client's Windows certificate store. You should not need to manually install certificates on a Bp Premier client.

Can Windows verify the Site certificate?

Perform this step first to determine how to correct the issue.

  1. From the Windows desktop, run a search for 'internet options'. Double-click the result to open the Internet Options settings.
  2. Search for internet options

  3. Select the Content tab and click Certificates to open the Certificates window.
  4. Open personal certificates

  5. Double-click your practice's HI certificate in the Personal tab of the Certificates window. The HI certificate will contain your practice name in the Issued to column.
  6. Inspect the information provided in the General tab.
  7. Certificate not verified

  8. If the Certification Information reports that Windows does not have enough information to verify the certificate (shown in the example above), follow the instructions in Import certificates into the Windows Trusted Root Authority.
  9. If Windows can verify the certificate and lists the intended purpose, follow the instructions in Reinstall certificates.

Import certificates into the Windows Trusted Root Authority

  1. In a Windows File Explorer, browse to C:\Program Files\Best Practice Software\BPS\MedicareCerts\.
  2. Right-click the certificate Medicare Australia Organisation CA and click Install certificate.
  3. The Certificate Import Wizard will open. Select a Store Location of Local Machine and click Next.
  4. Select Place all certificates in the following store and choose 'Trusted Root Certification Authorities'. Click Next.
  5. Confirm the details and click Finish.
  6. On Windows 7, a Security Warning message may appear. Click Yes to proceed.
  7. Repeat steps 2–6 for the certificate Medicare Australia Root CA.

Rerun the steps in Can Windows verify the Site certificate? to determine if the problem has been resolved. The General tab will show details similar to the following example if the Trusted Root Authority import was successful: 

Reinstall certificates

When you reinstall Site and NASH certificates, you must log in to the Bp Premier machine as a Windows administrator, and start Bp Premier by right-clicking on the desktop Bp Premier icon and selecting Run as Administrator.

If you do not know the server's administrator password, contact your IT support so an administrator can correctly import the certificates.

Follow these instructions on all Bp Premier workstations used for online claiming or My Health Record.

  1. Select Setup > Configuration > General tab and click Import certificates.
  2. Log in to the certificate utility displayed with a username and password that has the 'Configuration' permission.
  3. Click Reinstall Certificates to reinstall.

Last updated 13 December 2021