Description

This article describes some common errors when importing certificate in FortiManager or FortAnalyzer using GUI and CLI.

Scope

FortiAnalyzer.

Solution

 Error message 'Can not find any certificates to match the certificate being imported.'

• Common causes: Certificate does not match with the generated CSR. Check whether the CSR matches the certificate with OpenSSL. Reimport the correct certificate.
  
  

Error message 'Check CA certificate file failed!'

• Common causes: Self-signed certificate needs to have the CSR generated on the local device, signed and import as local certificate
  
  

Error message 'Checking certificate key file failed.'

• Common causes: The key file doesn’t match with the certificate or key file is not uploaded. Check whether the certificate matches a private key with OpenSSL. Reinstall correct key and certificates.

Error message 'Input is not a valid CA certificate: Invalid X.509 input” or “Invalid private key'.

• Common causes: The texts below must be included when using CLI to import certificate:

"-----BEGIN CERTIFICATE-----" AND "-----END CERTIFICATE-----"

"-----BEGIN PRIVATE KEY-----" AND "-----END PRIVATE KEY-----"

For example:

config system certificate ssh
    edit <cert-name>
        set certificate "-----BEGIN CERTIFICATE-----
        > mPjDQDYkYHKcTrFa6aH7e1w1uM7kdaCAjyAoM7xcmuTrsCeLYfd+BwIDAQABo4ID
        > TDDDA0gwPQYJKwYBAAGCNxUVBDAwLgYnKwYBBARCNxUIorRWvO7dYITtkziB9KY0
-----END CERTIFICATE-----"
        set private-key “-----BEGIN PRIVATE KEY-----
        > MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBj08sp5++4anG
        > z3P668YfhUbKdRF6S42Cg6zn
-----END PRIVATE KEY-----“
end

Error message 'The imported local certificate is invalid.'

• Common causes: There are special characters in the key(.key) or certificate(.pem) file, such as ' or '.

Related article:

Technical Tip: How to generate a web server certificate for the FortiManager/FortiAnalyzer using Win...