Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kayescomputers
New Contributor

'Importing the csr response failed'

I've seen discussion in the forums about renewing a certificate and coming across this message, but I don't immediately see anything about when this is a new certificate being installed.  I've acquired a signed certificate from a trusted authority but when I import the certificate I get the 'importing the csr response failed' message.  I'm just not totally clear on how to approach this, any thoughts / advice would be very much appreciated?  

 

Cheers!

5 REPLIES 5
emnoc
Esteemed Contributor III

Questions & tips

 

Are you importing a CSR or  CERT ( I think your meant cert ) ?

 

Doe the certificate have the key already in the  fortimail?

 

Can you use a opensource tool to check the cert/priv-key pair ? I like openssl but you can use a online  cert-checker server but I hate pasting a key in some one else tool

 

e.g openssl

 

openssl x509 -in <certname> -noout -modulus | openssl md5

 

openssl rsa -in <keyname> -noout -modulus | openssl md5

 

Does  the 2 hashes match ?

 

 

Is the cert proper format with regards to subject  fields  C=  ST =  L=   O=    CN=   etc.......

 

ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
kayescomputers

I am importing a cert, yes.  The error message I get though is 'failure to import csr response'.

 

Not sure how to tell if the certificate has the key to be honest?  Basically, I generated the csr from the FortiMail unit and submitted to the signing authority.  I received an intermediate certificate and a root certificate back from the signing authority... pretty much where I'm at.  Can't quite figure what's causing the error message to be thrown. 

 

Cheers - MT

Bromont_FTNT

The intermediate and root certs from the CA would be imported under the CA Certificate tab.... If the CSR was generated on the Fortimail then you shouldn't have an issue the signed cert from the CA. You should still have one in there showing "pending"

kayescomputers

You're right.... :\  just as I got your response I realised that I had managed to delete the corresponding 'pending' request.  Rookie mistake, all good now!

 

Thanks for your help!

 

Cheers - MT

 

emnoc
Esteemed Contributor III

Good , I knew it was something simple ;)

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors