Description
This article describes the steps to resolve the SSL certificate import error on FortiGate. The error generally occurs when the uploaded certificate has no matching certificate signing request (CSR).
Scope
FortiGate.
Solution
When importing the SSL Certificate that is signed by the CA (Digicert, GoDaddy, or GlobalSign) for the CSR generated on FortiGate, the following error can be seen.
This error message occurs when the CSR (Certificate Signing Request) and the signed certificate do not match.
However, if the CSR has been generated on FortiGate and if the CA validates and confirms that the certificate matches the original CSR and private key, the certificate would have been imported to FortiGate successfully, despite the GUI displaying the above error message.
To know if the Certificate has been imported to FortiGate, go to System --> Certificate --> Local Certificate and check that it is listed and the Status is Valid.
If it shows as Valid, then the above error message on the GUI can be ignored.
The GUI-related issue is being investigated internally, and a fix can be expected in the near future.
Related document:
