Commit fails due to "Unmatched certificate and key" after imported a certificate

Commit fails due to "Unmatched certificate and key" after imported a certificate

642
Created On 09/26/25 01:22 AM - Last Modified 01/13/26 09:51 AM


Symptom


  • NGFW generated CSR(Certificate Signing Request), and imported the signed certificate.
  • After the certificate is imported, commit fails due to "Certificate <filename> failed to load: Unmatched certificate and key".
     

Environment


  • PAN-OS : 11.1.0. 11.0.3, 10.2.8 and 10.1.11 or later.
  • Platform : Any PAN-OS platform.
  • NGFW generated CSR and imported the signed certificate.

Cause


  • CSR generated with the certificate attribute and including invalid value, like "#". In this sample, "#123" is specified as Department(OU) value.
  • Generating CSR succeeds without any error on WebGUI.
  • While importing the signed cert with same CSR name again, the validation checks does not work. Therefore, importing the invalid certificate would also succeed without error.
  • During commit, the validation will work then the commit fails.


 

Resolution


  1. When create a new CSR, Make sure not to include any invalid value.
  2. If commit fails, re-generate new CSR and import that new singed certificate.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000blsnKAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail