Created on 10-19-2020 08:40 AM Edited on 07-10-2024 05:26 AM By Jean-Philippe_P
Description
This article describes how to resolve the 'Certificate file is not a CA file' error that occurs when uploading a CA certificate in the firewall.
Scope
Any version of FortiGate.
Solution
When a certificate is uploaded to the firewall as a CA certificate, the firewall may return the error 'Certificate file is not a CA file' even though the certificate shows as a CA certificate.
For the firewall to accept the upload as a CA certificate, the Basic Constraints extension in the certificate must state that CA=true.
If this field is not present, the firewall will not accept the certificate as a CA certificate.
See the screenshot below:
Note: To decode the CA certificate on the local computer, run the following OpenSSL command:
openssl x509 -in ca_certificate_name.crt -text -noout
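The check above can be scripted so a certificate is verified before it is uploaded. The following is an added example, not part of the original article: the helper names is_ca_cert, make_sample and report are hypothetical, and the sample certificates are constructed throwaways. It relies on OpenSSL printing the flag as CA:TRUE on the line after 'X509v3 Basic Constraints'.

```shell
# Added example: check the Basic Constraints CA flag before uploading a
# certificate as a CA certificate. Function names are hypothetical helpers.

# is_ca_cert FILE: returns 0 when Basic Constraints contains CA:TRUE,
# 1 when the extension is missing or says CA:FALSE,
# 2 when OpenSSL cannot parse FILE as a PEM certificate.
is_ca_cert() {
    cert_text=$(openssl x509 -in "$1" -text -noout 2>/dev/null) || return 2
    # The flag is printed on the line after the extension name.
    printf '%s\n' "$cert_text" |
        grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# make_sample FILE ca|leaf: builds a constructed, throwaway self-signed
# certificate for testing only. "ca" sets CA:TRUE; "leaf" carries no
# Basic Constraints extension at all.
make_sample() {
    work=$(mktemp -d)
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = constructed-sample' \
        '[ext_ca]' 'basicConstraints = critical, CA:TRUE' \
        '[ext_leaf]' 'keyUsage = digitalSignature' > "$work/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$work/req.cnf" \
        -extensions "ext_$2" -keyout "$work/key.pem" -out "$1" 2>/dev/null
    status=$?
    rm -rf "$work"
    return "$status"
}

# report FILE: prints a one-line verdict for FILE.
report() {
    rc=0; is_ca_cert "$1" || rc=$?
    case $rc in
        0) echo "OK    $1: Basic Constraints has CA:TRUE" ;;
        1) echo "FAIL  $1: CA:TRUE missing, expect 'Certificate file is not a CA file'" ;;
        *) echo "ERROR $1: not a readable PEM certificate" ;;
    esac
}

# With file arguments, check each one; with none, run on two constructed samples.
if [ "$#" -eq 0 ]; then
    demo=$(mktemp -d)
    make_sample "$demo/ca.crt" ca && make_sample "$demo/leaf.crt" leaf
    report "$demo/ca.crt"; report "$demo/leaf.crt"
    rm -rf "$demo"
else
    for f in "$@"; do report "$f"; done
fi
```

Saved to a file, it can be run with one or more PEM certificate paths as arguments; DER-encoded files are reported as unreadable.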