Description
This article describes how to resolve the 'Certificate file is not a CA file' error that occurs when uploading a CA certificate in the firewall.
Scope
Any version of FortiGate.
Solution
When the CA certificate is uploaded in the firewall as a CA certificate, the firewall may provide an error stating 'Certificate file is not a CA file' even though the certificate shows as CA certificate.
To upload the certificate in the firewall as CA certificate, the Basic Constraints parameter in the certificate must state that CA=true.
If this field is not present, the firewall will not accept the certificate as CA certificate.
See the screenshot below:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.