FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
ckarwei
Staff
Staff
Article Id 193408
Description
This article describes some common errors when importing certificate in FortiManager or FortAnalyzer using GUI and CLI.

Solution
1) Error message 'Can not find any certificates to match the certificate being imported.'

Common causes:
Certificate doesn’t match with the generated CSR. Check whether the CSR matches the certificate with OpenSSL. Reimport the correct certificate.


2) Error message 'Check CA certificate file failed!'

Common causes:
Self-signed certificate needs to have the CSR generated on the local device, signed and import as local certificate


3) Error message 'Checking certificate key file failed.'

Common causes:
The key file doesn’t match with the certificate or key file is not uploaded. Check whether the certificate matches a private key with OpenSSL. Reinstall correct key and certificates.


4) Error message 'Input is not a valid CA certificate: Invalid X.509 input” or “Invalid private key'.

Common causes:
The texts below must be included when using CLI to import certificate.
"-----BEGIN CERTIFICATE-----" AND "-----END CERTIFICATE-----"
"-----BEGIN PRIVATE KEY-----" AND "-----END PRIVATE KEY-----"
For example:

# config system certificate ssh

    edit <cert-name>
        set certificate "-----BEGIN CERTIFICATE-----
        > mPjDQDYkYHKcTrFa6aH7e1w1uM7kdaCAjyAoM7xcmuTrsCeLYfd+BwIDAQABo4ID
        > TDDDA0gwPQYJKwYBAAGCNxUVBDAwLgYnKwYBBARCNxUIorRWvO7dYITtkziB9KY0
-----END CERTIFICATE-----"
        set private-key “-----BEGIN PRIVATE KEY-----
        > MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBj08sp5++4anG
        > z3P668YfhUbKdRF6S42Cg6zn
-----END PRIVATE KEY-----“
end

Related Articles

Technical Tip: How to generate a web server certificate for the FortiManager/FortiAnalyzer using Win...

Contributors