Technical Tip: How to troubleshoot if unable to import local certificates in FortiADC
Description
This article describes the troubleshooting steps to perform if the user is unable to import certificates in FortiADC.
Scope
FortiADC.
Solution
While importing a certificate on a FortiADC device, there can be issues where the user is prompted with errors such as 'The imported local certificate is invalid' or 'Failed to store the private key'.

This can happen if the certificate does not match the type selected for the import. To confirm this, open the properties of the certificate and verify the certificate details.
However, if the certificate type is correct and the same issue still exists, try to import the certificate into another FortiADC or a Windows key store, if one is available for testing purposes. If that imports without issue, then try to generate a CSR on FortiADC. If that fails with the same error message, then the problem is linked to the LogDisk issue.
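One way to check what a file actually contains before choosing the import type, run on a workstation (an added example, not part of the original article or any Fortinet tooling): it tells PEM, DER X.509 and PKCS#12 apart by their leading bytes and flags a PEM block whose label does not match its payload. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _content_start(data, i):
    """Index of the content of the ASN.1 TLV at i (short or long-form length)."""
    first = data[i + 1] if i + 1 < len(data) else 0
    return i + 2 + (first & 0x7F if first & 0x80 else 0)

def der_kind(data):
    """Classify DER bytes by what follows the outer SEQUENCE header."""
    if data[:1] != b"\x30":
        return "unknown"
    i = _content_start(data, 0)
    if data[i:i + 3] == b"\x02\x01\x03":       # INTEGER 3: PKCS#12 PFX version
        return "pkcs12"
    inner = _content_start(data, i)
    if data[i:i + 1] == b"\x30" and data[inner:inner + 1] == b"\xa0":
        return "der-certificate"               # tbsCertificate with [0] version tag
    return "der-other"                         # keys, CSRs, v1 certificates, ...

def classify(data):
    """Return the container kind of a file's bytes before attempting an import."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(data)]
    if not blocks:
        return der_kind(data)
    for label, body in blocks:
        if label == b"CERTIFICATE":
            try:
                ok = der_kind(base64.b64decode(body)) == "der-certificate"
            except ValueError:                 # body is not valid base64
                ok = False
            if not ok:
                return "pem-mislabelled"       # label and payload disagree
    has_cert = any(label == b"CERTIFICATE" for label, _ in blocks)
    has_key = any(label.endswith(b"PRIVATE KEY") for label, _ in blocks)
    if has_cert and has_key:
        return "pem-certificate+key"
    return "pem-certificate" if has_cert else "pem-private-key" if has_key else "pem-other"

def pem(label, der):
    """Wrap bytes in a PEM block (helper for the constructed samples)."""
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (label, base64.encodebytes(der), label)

# Constructed header fragments, not real certificates or keys.
CERT_DER = bytes.fromhex("308201003081f0a003020102")
PFX_DER = bytes.fromhex("30820a00020103308209f0")
```

For a real file, pass its bytes to `classify()`, for example `classify(open(path, "rb").read())`.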
To resolve this issue, try to rebuild logdb by using the following command:
# execute log rebuild-db
Wait at least 2 minutes for the log rebuild to complete.
Try again after some time to import the certificate. If that does not work, proceed to the next workaround: format the log disk by using the command below:
# execute formatlogdisk
This operation will erase all data on the log disk!
Do you want to continue? (y/n) y
Note: This will reboot the appliance.
This will resolve the issue of importing the certificate. If the issue persists, reach out to Fortinet Support so that one of the engineers can assist further.
