| Description |
This article describes how to fix a failure to import certificates signed by a third-party CA. |
| Scope | FortiAuthenticator. |
| Solution |
Go to Certificate Management -> End Entities -> Local Services to generate a CSR.
After the CSR is exported and signed by a third-party CA, importing the signed certificate into FortiAuthenticator fails with the following error:
‘Import has failed: There is no matching certificate request for server certificate 'CN=John'.’
The issue occurs because the CSR was deleted on FortiAuthenticator. Each CSR is created together with, and linked to, a unique private key that cannot be duplicated. Do not delete the CSR, or importing the certificate signed by the third-party CA will fail. Creating a new CSR with the same parameters as the old CSR does not help: the import still fails, because the private key for the new CSR is different. When a certificate is imported against its CSR, the public key in the certificate is paired with the private key held for that CSR, and the two become a key pair.
To fix this issue, generate a new CSR and have it signed by the third-party CA. Afterwards, do not delete the CSR. Importing the signed certificate will then succeed.
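The key-pair binding described above can be checked off-box with OpenSSL before an import is attempted. The following is an added example, not Fortinet's code: the file names, the throwaway "Demo CA" and the helper function names are constructed for the demonstration, and it assumes `openssl` is installed on the workstation.

```bash
#!/usr/bin/env bash
# Added example: does a signed certificate carry the same public key as a CSR?
# File names, the throwaway CA and function names are constructed for this demo.

# pubkey_fingerprint <csr|cert> <file>: SHA-256 of the DER-encoded public key
pubkey_fingerprint() {
  local pem
  case "$1" in
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    *)    return 2 ;;
  esac
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -r | cut -d' ' -f1
}

# cert_matches_csr <csr> <cert>: 0 = same key, 1 = different key, 2 = unreadable input
cert_matches_csr() {
  local a b
  a=$(pubkey_fingerprint csr "$1") || return 2
  b=$(pubkey_fingerprint cert "$2") || return 2
  [ "$a" = "$b" ]
}

# make_demo_files <dir>: two CSRs with identical parameters but separate keys,
# plus a certificate issued by a throwaway CA for the first ("old") CSR only.
make_demo_files() {
  local d=$1 subj="/CN=John"
  openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$d/old.key" -out "$d/old.csr" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$d/new.key" -out "$d/new.csr" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 1 \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl x509 -req -in "$d/old.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/signed.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
cert_matches_csr "$demo_dir/old.csr" "$demo_dir/signed.crt" \
  && echo "old.csr: public key matches signed.crt"
cert_matches_csr "$demo_dir/new.csr" "$demo_dir/signed.crt" \
  || echo "new.csr: same subject, different key, so signed.crt cannot pair with it"
rm -rf "$demo_dir"
```

Running `cert_matches_csr` against the CSR that is still pending on the appliance and the certificate returned by the CA shows whether the two belong together before the import is tried.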
|
Copyright 2025 Fortinet, Inc. All Rights Reserved.