Certificate import error - Import of Certificate failed. Failed to extract certificate.

Certificate import error - Import of Certificate failed. Failed to extract certificate.

41292
Created On 09/25/18 17:30 PM - Last Updated 10/15/20 22:50 PM


Symptom

Sometimes when you try to import a certificate to the Palo Alto Networks firewall you might see this error "Import of Certificate failed. Failed to extract certificate." In this example, we are using the certificate DigiCert High Assurance CA-3.

Screenshot_8.png



Environment
  • Certificates


Cause

The certificate format is not feasible with the Palo Alto Networks, which is why the error occurs.  

This is what the certificate looks like in Notepad:

Screenshot_3.png



Resolution
  1. Save the certificate to the desktop.
  2. Open the cert and copy it to a file and, while saving, use the option "Base-64 encoded C.509 (.CER) format."
    If you open the new cert in notepad it should look clean.
  3. Re-import the new certificate and it should be successful.

 

Screenshot_1.pngScreenshot_2.pngScreenshot_3.png

What it looks like in notepad after exporting.

Screenshot_5.png

Screenshot_6.png

After the Cert is imported:

2017-12-18_cert1.jpg



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGSCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language