Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Certificate chain cannot be validated - required CAs not found ... - Knowledge Base - Palo Alto Networks

Certificate chain cannot be validated - required CAs not found in Panorama Template FIPS mode

11799
Created On 07/02/20 02:33 AM - Last Modified 07/02/20 02:34 AM


Symptom


- Panorama in FIPS mode
- In the Template, when importing CSR certificate OR generating a child certificate (signed by Self-Signed CA), it fails with following errors:

  • "Import of certificate failed. Certificate chain cannot be validated, required CAs not found"
  • "Failed to insert certificate into configuration. Certificate chain cannot be validated, required CAs not found"

Environment


- Panorama M series and Panorama VM, in FIPS mode.
- Running PAN-OS:
  • 8.1.x
  • 9.0.8 and earlier
  • 9.1.3 and earlier

Cause


- The path used by Panorama to validate CA certificates was incorrect.

Resolution


The issue has been fixed in PAN-OS 9.0.9 and PAN-OS 9.1.4.
 

Additional Information


PAN-120830: Fixed an issue in Panorama where certificate import failed with the following error message: `Certificate chain cannot be validated, required CAs not found`.
Other users also viewed:
How to download GlobalProtect from the Customer Support Portal
Download and Install the GlobalProtect App for Windows
Resource List: GlobalProtect Configuring and Troubleshooting
PAN-OS Software Updates
Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)
Results 1-5 of 238,492
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UeLCAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language