search cancel

"CA certificate is not FIPS compliant" error when adding ca-certificate to browser-trusted CCL


Article ID: 230587


Updated On:


Management Center ISG Proxy Reporter Reporter-S500 Reporter-VA


After completing a trust package update on an affected product (either manually or automatically), administrators are not able to add new CA certificates to the browser-trusted CCL in the Common Operating Environment (COE) and will receive an error message “CA certificate is not FIPS compliant”.


Affected Products:

ISG version 2.3.1+

Management Center 2.x (FIPS): 2.4.3+, Management Center 3.x:  3.1.3+

Reporter 10.6.2+


Fix Schedule:

  • ISG 2.4 - released on Feb 2022
  • Management Center 3.3 - released on Feb 2022



Administrators will need to restore factory defaults to circumvent this issue.  Further, the issue may be encountered again if an automatic trust package update occurs.

After upgrading to a fixed product version (see Fix Schedule above), the issue will be corrected without any other customer action required.