Troubleshooting Tip: Certificate file is not a CA file
Description
This article describes how to resolve the 'Certificate file is not a CA file' error that occurs when uploading a CA certificate to the firewall.
Scope
Any version of FortiGate.
Solution
When a certificate is uploaded to the firewall as a CA certificate, the firewall may return the error 'Certificate file is not a CA file' even though the certificate shows as a CA certificate.
For the firewall to accept the upload as a CA certificate, the Basic Constraints extension in the certificate must state CA=true (OpenSSL displays this as CA:TRUE).
If this field is not present, the firewall will not accept the certificate as a CA certificate.

Note: To decode the CA certificate on the local computer, run the following OpenSSL command:
openssl x509 -in ca_certificate_name.crt -text -noout
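
A pre-upload check built on the command above, as an added example that is not part of the original article or any Fortinet tooling: the hypothetical helper `bc_status` reads the decoded text and reports whether Basic Constraints states CA:TRUE, states something else, or is absent. The three sample excerpts are constructed.

```shell
#!/bin/sh
# Added example. bc_status is a hypothetical helper name, not a FortiGate or OpenSSL tool.
# It reads the text printed by "openssl x509 -text -noout" on stdin and prints:
#   ca      Basic Constraints present with CA:TRUE
#   not-ca  Basic Constraints present without CA:TRUE
#   missing no Basic Constraints extension at all
bc_status() {
    awk '
        # OpenSSL prints the extension value on the line after its header.
        grab { val = $0; grab = 0; found = 1 }
        /X509v3 Basic Constraints/ { grab = 1 }
        END {
            if (!found)               print "missing"
            else if (val ~ /CA:TRUE/) print "ca"
            else                      print "not-ca"
        }
    '
}

# Constructed excerpts of decoded certificate text (not real certificates).
sample_ca() {
    cat <<'EOF'
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
EOF
}
sample_leaf() {
    cat <<'EOF'
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
EOF
}
sample_noext() {
    cat <<'EOF'
        Version: 1 (0x0)
        Subject: CN = Example Root (constructed)
EOF
}

for s in sample_ca sample_leaf sample_noext; do
    printf '%-13s %s\n' "$s" "$("$s" | bc_status)"
done
# Real file: openssl x509 -in ca_certificate_name.crt -text -noout | bc_status
```

Only a result of `ca` meets the requirement described above; `not-ca` and `missing` both mean the certificate has to be reissued with the Basic Constraints extension set before the upload will succeed.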
