Created on 10-19-2020 08:40 AM
Edited on 07-10-2024 05:26 AM
By Jean-Philippe_P
Description
This article describes how to resolve the 'Certificate file is not a CA file' error that occurs when uploading a CA certificate in the firewall.
Scope
Any version of FortiGate.
Solution
When a certificate is uploaded to the firewall as a CA certificate, the firewall may return the error 'Certificate file is not a CA file' even though the certificate shows as a CA certificate.
For the firewall to accept the upload as a CA certificate, the Basic Constraints parameter in the certificate must state that CA=true.
If this field is not present, the firewall will not accept the certificate as a CA certificate.
See the screenshot below:
Note: To decode the CA certificate on the local computer, run the following OpenSSL command:
openssl x509 -in ca_certificate_name.crt -text -noout
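A pre-upload check for the condition described above, as an added example that is not Fortinet code: it reads the decoded text produced by the OpenSSL command and reports whether Basic Constraints is present with CA:TRUE, which is how OpenSSL prints the CA flag. The function names and the sample text are constructed for illustration, and it assumes openssl and awk are installed.

```shell
#!/bin/sh
# Added example, not Fortinet code. Function names are illustrative.

# Constructed samples of `openssl x509 -text -noout` extension output.
SAMPLE_CA='        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0'
SAMPLE_LEAF='        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE'
SAMPLE_NONE='        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature'

# Read decoded certificate text on stdin and print one of:
#   ca      - Basic Constraints present with CA:TRUE
#   not-ca  - Basic Constraints present without CA:TRUE
#   missing - no Basic Constraints extension at all
classify_basic_constraints() {
    awk '
        /X509v3 Basic Constraints/ { seen = 1; getline; value = $0 }
        END {
            if (!seen)                  print "missing"
            else if (value ~ /CA:TRUE/) print "ca"
            else                        print "not-ca"
        }'
}

# Decode a certificate file (PEM first, then DER) and classify it.
# Returns 0 for a CA certificate, 1 otherwise, 2 if it cannot be decoded.
check_ca_cert() {
    cert=$1
    text=$(openssl x509 -in "$cert" -text -noout 2>/dev/null) ||
    text=$(openssl x509 -in "$cert" -inform DER -text -noout 2>/dev/null) || {
        echo "$cert: cannot be decoded as PEM or DER"
        return 2
    }
    result=$(printf '%s\n' "$text" | classify_basic_constraints)
    echo "$cert: $result"
    [ "$result" = ca ]
}
```

Run `check_ca_cert ca_certificate_name.crt` before uploading; a result of `missing` or `not-ca` matches the case the article says the firewall rejects.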