Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
montoro
New Contributor

Created on ‎06-09-2020 02:21 PM

"Input is not a valid CA certificate" when trying to install policy package from FMG

Hi all,

 

I have an issue when trying to install policy package from FortiManger to FortiGate. It seems that FMG created a root_CA2 and pushed to FortiGate. But it is "Input is not a valid CA certificate".

 

FMG VM (VMware): 6.2.5

FGT VM (VMware): 6.2.4

trial license

 

Please share if you know how to fix the issue. Is it the default action (creating a root_CA and pushing to FGT) from FMG?

 

Thanks.

 

Here is an example of the install log of the error:

FG-VM1 (ca) $ edit "root_CA2" FG-VM1 (root_CA2) $ set ca "-----BEGIN CERTIFICATE----- FG-VM1 (root_CA2) $ MIIDADCCAeigAwIBAgIgMUMxRkQ5QkMwREJERUY0QkQxRkVGNjc3MEFEMTc3MzIw FG-VM1 (root_CA2) $ DQYJKoZIhvcNAQEFBQAwKzEWMBQGA1UEChMNRm9ydGluZXQgTHRkLjERMA8GA1UE FG-VM1 (root_CA2) $ AxMIRm9ydGluZXQwHhcNMjAwNjAyMTAxMzExWhcNMzAwNjA3MTAxMzExWjArMRYw FG-VM1 (root_CA2) $ FAYDVQQKEw1Gb3J0aW5ldCBMdGQuMREwDwYDVQQDEwhGb3J0aW5ldDCCASIwDQYJ FG-VM1 (root_CA2) $ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAPUnrx8lqCUCQNoD/BrTXciUEjCY94Tq FG-VM1 (root_CA2) $ hQrikfTuicblekrTjDg7K1l/NV3oYgwVzBn7F3Jn54po/XxmmeGFLgLYSzVR6h7T FG-VM1 (root_CA2) $ zWPHRHRbgj1R/GS8fX4nzLk7h8Yy4HCjCdwiwwA6bDAll6uKp0eFYCM3uAQyMKg+ FG-VM1 (root_CA2) $ j6v6se/SwBzHx8tvPzSFh1ka6ukF1Xk0tln7Wmxs9RPKHAQCeVfjN+AubOph4SUK FG-VM1 (root_CA2) $ PY1svRH7XgeKOZLTX85ZOUCZpDUHjiUTLLe8DwXvlGnU+pPbtDVn5V0y26Fm5kHN FG-VM1 (root_CA2) $ GQYb3QBXCxH+LdRyFxqjDP+ugCsISZXJjrXN0U+8Y0ETHDGUQ+Xec7sCAwEAAaMQ FG-VM1 (root_CA2) $ MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAEyHpAs2dHBlzR8Wa FG-VM1 (root_CA2) $ +HeJ6XYt4c1BcGOO7EkuFzLFx7T/gLg/tdVXTzIxZK/8ecWhj5aC8UnxA6LthgGO FG-VM1 (root_CA2) $ xZ2FbU9eb2/1DIJFe7vfrJJwqTfN+uTFpSMIDZW1qEdvD6bN2iQZQbIiAD8d+kR0 FG-VM1 (root_CA2) $ H7Ogr2EV8MB9HQtUSmOXSiIfYWD8xoTCYmCZZ3t9eu7Xa/N0lRbfKqhRz1vQGQeE FG-VM1 (root_CA2) $ Dv9FreQ84BawMPaEeirQAt+ZDYR4LQVcwvRbxGVDq5qPjzBmXA4MTxbYYz2xvIki FG-VM1 (root_CA2) $ bvqVoVJHYNpYks3TEAxvG7oOigQUmsWRIc4TF8OtDEySsmRlJ4uTO1J41Uov8wnN FG-VM1 (root_CA2) $ 3zCHJQ== FG-VM1 (root_CA2) $ -----END CERTIFICATE-----" Input is not a valid CA certificate. FG-VM1 (root_CA2) $ set range global FG-VM1 (root_CA2) $ next The field ca is empty!

2314
0 Kudos
1 REPLY 1
BK_LGW
New Contributor

Created on ‎07-16-2020 09:47 AM

Hello. Had you by any chance found the reason behind this? I'm seeing it pop up in my lab environment while trying to install a config, FMG to FGT.

1552
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.