Certificate chain cannot be validated - required CAs not found in Panorama Template FIPS mode

Certificate chain cannot be validated - required CAs not found in Panorama Template FIPS mode

8984
Created On 07/02/20 02:33 AM - Last Modified 07/02/20 02:34 AM


Symptom


- Panorama in FIPS mode
- In the Template, when importing CSR certificate OR generating a child certificate (signed by Self-Signed CA), it fails with following errors:

  • "Import of certificate failed. Certificate chain cannot be validated, required CAs not found"
  • "Failed to insert certificate into configuration. Certificate chain cannot be validated, required CAs not found"

Environment


- Panorama M series and Panorama VM, in FIPS mode.
- Running PAN-OS:
  • 8.1.x
  • 9.0.8 and earlier
  • 9.1.3 and earlier

Cause


- The path used by Panorama to validate CA certificates was incorrect.

Resolution


The issue has been fixed in PAN-OS 9.0.9 and PAN-OS 9.1.4.
 

Additional Information


PAN-120830: Fixed an issue in Panorama where certificate import failed with the following error message: `Certificate chain cannot be validated, required CAs not found`.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UeLCAU&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language