| Description |
This article describes the issue when a FortiManager certificate import with the error 'Can not find any certificates to match the certificate being imported' due to the certificate being signed by CA with a mismatching key size. |
| Scope | FortiManager. |
| Solution |
FortiManager allows certificates to be imported as described in the documentation below: FortiManager - Local certificates.
But if the certificate being imported does not match the original certificate signing request (CSR) originated by the FortiManager, this error below will appear: 'Can not find any certificates to match the certificate being imported'.
It suggests that the certificate signed by the CA does not match any previous CSR generated by the FortiManager. In such a case, the certificated being imported can be compared against the original CSR in the FortiManager.
One example is that the original CSR has a key size of 2048 bits bit, but somehow the CA incorrectly signs it with a key size of 4096 bits. By comparing the original CSR generated by FortiManager and the certificate to be imported (signed by CA for the CSR), there is such a difference in key size.
For example, a key size of 2048 bits was originally filled in the CSR.
But the certificate signed by the CA for this CSR had a key size of 4096 bits.
The solution in this example is to have the CA signed with a key size matching that of the original CSR.
Note that it is just one example that can cause the error 'Can not find any certificates to match the certificate being imported'. It is also possible that other differences in other parts of the CSR and the imported certificate can result in the error.
Related documents: |
