DescriptionThis article describes some common errors when importing certificate in FortiManager or FortAnalyzer using GUI and CLI.Solution1) Error message 'Can not find any certificates to match the certificate being imported.'Common causes:Certificate doesn’t match with the generated CSR. Check whether the CSR matches the certificate with OpenSSL. Reimport the correct certificate.
2) Error message 'Check CA certificate file failed!'Common causes:Self-signed certificate needs to have the CSR generated on the local device, signed and import as local certificate3) Error message 'Checking certificate key file failed.'Common causes:The key file doesn’t match with the certificate or key file is not uploaded. Check whether the certificate matches a private key with OpenSSL. Reinstall correct key and certificates.4) Error message 'Input is not a valid CA certificate: Invalid X.509 input” or “Invalid private key'.Common causes:The texts below must be included when using CLI to import certificate. "-----BEGIN CERTIFICATE-----" AND "-----END CERTIFICATE-----"
"-----BEGIN PRIVATE KEY-----" AND "-----END PRIVATE KEY-----"
For example:
# config system certificate ssh edit <cert-name> set certificate "-----BEGIN CERTIFICATE----- > mPjDQDYkYHKcTrFa6aH7e1w1uM7kdaCAjyAoM7xcmuTrsCeLYfd+BwIDAQABo4ID > TDDDA0gwPQYJKwYBAAGCNxUVBDAwLgYnKwYBBARCNxUIorRWvO7dYITtkziB9KY0-----END CERTIFICATE-----" set private-key “-----BEGIN PRIVATE KEY----- > MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBj08sp5++4anG > z3P668YfhUbKdRF6S42Cg6zn-----END PRIVATE KEY-----“endRelated Articles
Technical Tip: How to generate a web server certificate for the FortiManager/FortiAnalyzer using Win...