FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
ltusen
Staff
Article Id 332362
Description This article explains how to resolve a red 'X' error, or any other error related to the Private Key, that appears when installing new or renewed SSL certificates on the FortiNAC Server via the GUI.
Scope 8.x, 9.x, 7.2.x, 7.4.x, 7.6.x and above.
Solution

Common causes:

 

  • This type of issue may occur when the Private Key that was used to generate the CSR for the new or renewed SSL Certificates is in the wrong format or is encrypted ('ENCRYPTED').
  • Upon checking, all the certificate files (root, intermediate, server) look correct.
  • However, when trying to upload the certificates along with the private key to the FortiNAC server via the GUI, the red 'X' error appears.
  • Review the Private Key file using a text editor such as Notepad.
  • The header of the Private Key file may show that the key is encrypted or in the wrong format.

 

Header example:

 

Identifying Private Key Formats (RSA, Encrypted, PKCS8):

  • Private Key RSA Format:
    -----BEGIN RSA PRIVATE KEY-----
    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2jNIpG/iak9WT
    QvhfPZHNp1jKbmlEf4KnV27i4nbIYp6kWYUegH/I64G3Q8AnP1IBP4KQruPmhxZs
    -----END RSA PRIVATE KEY-----

  • Private Key Encrypted Format:
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2jNIpG/iak9WT
    QvhfPZHNp1jKbmlEf4KnV27i4nbIYp6kWYUegH/I64G3Q8AnP1IBP4KQruPmhxZs
    -----END RSA PRIVATE KEY-----

  • Private Key PKCS8 Format:
    -----BEGIN PRIVATE KEY-----
    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2jNIpG/iak9WT
    QvhfPZHNp1jKbmlEf4KnV27i4nbIYp6kWYUegH/I64G3Q8AnP1IBP4KQruPmhxZs
    -----END PRIVATE KEY-----
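
The header check above can be scripted so the key is classified before the upload is attempted. This is an added example, not Fortinet code: key_format is a hypothetical helper name and the sample key is a constructed placeholder. It goes beyond the three layouts shown by also recognising the encrypted PKCS8 header and a malformed END line.

```shell
#!/bin/sh
# Added example. key_format is a hypothetical helper, not a FortiNAC or OpenSSL command.
# Prints: rsa | rsa-encrypted | pkcs8 | pkcs8-encrypted | other | malformed | not-pem
key_format() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    # Normalise CRLF line endings (keys saved on Windows) before matching.
    pem=$(tr -d '\r' < "$1")
    # First BEGIN line; text before it (e.g. "Bag Attributes") is ignored.
    begin=$(printf '%s\n' "$pem" | sed -n '/^-----BEGIN .*-----$/{p;q;}')
    [ -n "$begin" ] || { echo "not-pem"; return 1; }
    label=${begin#-----BEGIN }
    label=${label%-----}
    # The footer must carry the same label with exactly five dashes each side.
    printf '%s\n' "$pem" | grep -qxF -- "-----END $label-----" ||
        { echo "malformed"; return 1; }
    case $label in
        'RSA PRIVATE KEY')
            # Traditional PEM marks encryption with a Proc-Type header line.
            if printf '%s\n' "$pem" | grep -Eq '^Proc-Type: *4, *ENCRYPTED'; then
                echo "rsa-encrypted"
            else
                echo "rsa"
            fi ;;
        'PRIVATE KEY')           echo "pkcs8" ;;
        'ENCRYPTED PRIVATE KEY') echo "pkcs8-encrypted" ;;
        *)                       echo "other" ;;
    esac
}

# Constructed sample (placeholder body, not a real key) in the encrypted layout.
sample=$(mktemp)
cat > "$sample" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLUtFWQ==
-----END RSA PRIVATE KEY-----
EOF
echo "sample key: $(key_format "$sample")"
rm -f "$sample"
```

A result of rsa is the unencrypted RSA layout shown first in the list above; any other result points to a key that needs attention before upload.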

 

 

  1. If the Private Key file is the wrong one or if it is corrupted, export the Private Key from the Device or Server where the CSR for the Certificates was generated.

  2. Upload the Private Key to the FortiNAC server using an SCP/SFTP application and place it in any directory, such as /bsc/campusMgrUpdates.

  3. Log into the FortiNAC CLI as 'root', then convert the Private Key file located in /bsc/campusMgrUpdates from Encrypted to RSA using the following command (keep in mind that the conversion requires the password of the Encrypted file in order to decrypt it):

openssl rsa -in <Encrypted-Key> -out <RSA-Key>

 

  4. Download the converted and unencrypted Private Key file from the FortiNAC Appliance to the local machine.

  5. Finally, upload all the Certificates and the converted Private Key to the corresponding target (Admin UI, Portal, Radius or Persistent Agent).

 

Optional:

 

If the Private Key is not encrypted but is in a different format (for example, PKCS8 that needs to be converted to RSA), use the following command to convert it:

 

openssl rsa -in <PKCS8-Key> -out <RSA-Key>
