Description | In FortiWeb, when a local certificate is imported, the error “invalid length of value” may appear even when the certificate itself is valid. This is because only the certificate file is imported but the private key has not been provided. Both the certificate file (.cer) and the private key file (.key) must be imported. |
Scope | FortiWeb |
Solution |
For FortiWeb to perform SSL “Offloading” or “Inspection”, it must have the private key for the server certificate it presents to the client so that it can decrypt the HTTPS traffic. When importing the local certificate (System -> Certificate -> Local), the three options below are available. If Local Certificate is selected (which only prompts for the certificate file), the import is denied with the error “Invalid length of value”.
The correct procedure for importing certificates in PEM format is to select “Certificate” and import both the certificate file (.cer) and the private key file (.key). The certificate is then imported successfully, as shown below.
In PEM format, the certificate file and the private key file can be identified by text like the following.
Certificate file: -----BEGIN CERTIFICATE----- … -----END CERTIFICATE-----
Private key file: -----BEGIN PRIVATE KEY----- … -----END PRIVATE KEY-----
Warning: Disclosure of private keys compromises the security of your network. So the private key must be kept secret.
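The PEM markers above can be checked before the import is attempted. The following is an added example, not Fortinet code: it classifies the blocks in each file by their BEGIN/END labels and reports when the certificate or the private key is missing. The function names and the sample data are assumptions made for illustration, and the check does not verify that the key belongs to the certificate.

```python
import base64
import binascii
import re

# PEM armor: the BEGIN and END lines must carry the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def pem_kinds(text):
    """Classify each well-formed PEM block in text by its armor label."""
    kinds = []
    for label, body in PEM_BLOCK.findall(text):
        # Skip "Name: value" header lines found in legacy encrypted keys.
        b64 = "".join(ln.strip() for ln in body.splitlines() if ":" not in ln)
        try:
            if not b64:
                raise binascii.Error("empty body")
            base64.b64decode(b64, validate=True)
        except binascii.Error:
            continue  # armor present but the body is not base64
        if label == "CERTIFICATE":
            kinds.append("certificate")
        elif label.endswith("PRIVATE KEY"):
            # PRIVATE KEY plus the RSA / EC / ENCRYPTED PRIVATE KEY variants
            kinds.append("private key")
        else:
            kinds.append("other")
    return kinds


def check_import_pair(cert_text, key_text):
    """Return the problems that leave the import without a cert/key pair."""
    problems = []
    if "certificate" not in pem_kinds(cert_text):
        problems.append("certificate file has no CERTIFICATE block")
    if "private key" not in pem_kinds(key_text):
        problems.append("key file has no PRIVATE KEY block")
    return problems


# Constructed sample input: placeholder bytes, not real certificate or key data.
_BODY = base64.b64encode(b"constructed placeholder, not real DER").decode()
SAMPLE_CERT = f"-----BEGIN CERTIFICATE-----\n{_BODY}\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = f"-----BEGIN PRIVATE KEY-----\n{_BODY}\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(check_import_pair(SAMPLE_CERT, SAMPLE_KEY))   # both present
    print(check_import_pair(SAMPLE_CERT, SAMPLE_CERT))  # key file is a cert
```

An empty result means both files carry the expected block type; run it on the machine that already holds the key so the key file is not copied elsewhere.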
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.