ckarwei
Staff
December 28, 2020

Troubleshooting Tip: Common error when importing a certificate

Description

This article describes some common errors encountered when importing a certificate into FortiManager or FortiAnalyzer using the GUI and CLI.

Scope

FortiAnalyzer.

Solution

The error message 'Can not find any certificates to match the certificate being imported.' may appear.

  • Common causes: The certificate does not match the generated CSR. Use OpenSSL to check whether the CSR matches the certificate, then reimport the correct certificate.

Error message 'Check CA certificate file failed!':

  • Common causes: A self-signed certificate needs to have its CSR generated on the local device, then be signed and imported as a local certificate.


Error message 'Checking certificate key file failed.':

  • Common causes: The key file does not match the certificate, or the key file was not uploaded. Use OpenSSL to check whether the certificate matches the private key, then reinstall the correct key and certificate.
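The two OpenSSL checks mentioned above (CSR against certificate, and certificate against private key) can be done by comparing the public key each file contains. The script below is an added example, not part of the original article; the function names, the script name and the file names are assumptions.

```shell
#!/bin/sh
# Added example: confirm that a certificate, CSR and private key carry the
# same public key before importing. File and function names are assumptions.

# pubkey_fp KIND FILE: print SHA-256 of the DER public key (KIND: cert|csr|key).
pubkey_fp() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac || { echo "cannot parse $2 as $1" >&2; return 1; }
    # Normalise to DER so PEM line wrapping cannot affect the comparison.
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# same_key KIND1 FILE1 KIND2 FILE2: 0 = match, 1 = mismatch, 2 = unreadable.
same_key() {
    a=$(pubkey_fp "$1" "$2") || return 2
    b=$(pubkey_fp "$3" "$4") || return 2
    [ "$a" = "$b" ]
}

# selftest: builds throwaway (constructed) keys, a CSR and a self-signed
# certificate, then checks the match, mismatch and unparsable-file cases.
selftest() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$d/b.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/a.key" -subj "/CN=constructed.example" \
        -out "$d/a.csr" 2>/dev/null &&
    openssl req -new -x509 -key "$d/a.key" -subj "/CN=constructed.example" \
        -days 1 -out "$d/a.crt" 2>/dev/null || return 1
    printf 'not PEM\n' > "$d/bad.pem"
    rc=0
    same_key cert "$d/a.crt" csr "$d/a.csr" || rc=1           # CSR vs certificate
    same_key cert "$d/a.crt" key "$d/a.key" || rc=1           # certificate vs key
    same_key cert "$d/a.crt" key "$d/b.key" && rc=1           # wrong key must fail
    same_key cert "$d/bad.pem" key "$d/a.key" 2>/dev/null && rc=1  # garbage must fail
    rm -rf "$d"
    return "$rc"
}

# Script use: sh certmatch.sh cert server.crt key server.key
if [ "$#" -eq 4 ]; then
    same_key "$@" && echo "match" || { echo "mismatch or unreadable"; exit 1; }
fi
```

For a passphrase-protected key, add `-passin` to the `openssl pkey` call; otherwise it prompts interactively.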

 

Error message 'Input is not a valid CA certificate: Invalid X.509 input' or 'Invalid private key':

  • Common causes: The lines below must be included when using the CLI to import a certificate:

"-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
"-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----"


For example:

config system certificate ssh
    edit <cert-name>
        set certificate "-----BEGIN CERTIFICATE-----
        > mPjDQDYkYHKcTrFa6aH7e1w1uM7kdaCAjyAoM7xcmuTrsCeLYfd+BwIDAQABo4ID
        > TDDDA0gwPQYJKwYBAAGCNxUVBDAwLgYnKwYBBARCNxUIorRWvO7dYITtkziB9KY0
-----END CERTIFICATE-----"
        set private-key "-----BEGIN PRIVATE KEY-----
        > MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBj08sp5++4anG
        > z3P668YfhUbKdRF6S42Cg6zn
-----END PRIVATE KEY-----"
end


Error message 'The imported local certificate is invalid.':


Common causes: 

  • There are special characters in the key (.key) or certificate (.pem) file, such as ' or '.

  • The certificate is already installed in FortiGate. To validate this, compare the serial number against the details of the certificates already imported on the device.

Related article:

Technical Tip: Common error when import certificate