Description
This article describes an issue when attempting to install a new SSL certificate with private key via the Administration UI and a message appears indicating that private key is invalid.
Scope
FortiNAC v8.x.
Solution
- Review the private key file using a text editor. Alternatively, if in Linux, the file can be viewed by running the command:
cat <filename>
Key Header looks like this:
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2jNIpG/iak9WT
QvhfPZHNp1jKbmlEf4KnV27i4nbIYp6kWYUegH/I64G3Q8AnP1IBP4KQruPmhxZs
Note:
The header does not have "RSA" in it. This is an indication the Key is not in the correct format and needs to be converted to RSA format.
- Convert the private key file. For instructions, refer to the related KB article below. Once properly converted, the header should look like this:
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAtozSKRv4mpPVk0L4Xz2RzadYym5pRH+Cp1du4uJ2yGKepFmF
- Complete SSL Certificate upload using the newly converted private key file.
Related articles
Technical Note: Convert SSL private key to RSA format
Technical Note: Private Key error when installing renewed SSL certificate
Technical Tip: 'One or more certificates are invalid' error
