search cancel

"CA certificate is not FIPS compliant" error when adding ca-certificate to browser-trusted CCL

book

Article ID: 230587

calendar_today

Updated On:

Products

Management Center ISG Proxy Reporter Reporter-S500 Reporter-VA

Issue/Introduction

After completing a trust package update on an affected product (either manually or automatically), administrators are not able to add new CA certificates to the browser-trusted CCL in the Common Operating Environment (COE) and will receive an error message “CA certificate is not FIPS compliant”.

Environment

Affected Products:

ISG version 2.3.1+

Management Center 2.x (FIPS): 2.4.3+, Management Center 3.x:  3.1.3+

Reporter 10.6.2+

Resolution

Fix Schedule:

  • ISG 2.4 - released on Feb 2022
  • Management Center 3.3 - released on Feb 2022

 

Workaround:

Administrators will need to restore factory defaults to circumvent this issue.  Further, the issue may be encountered again if an automatic trust package update occurs.

After upgrading to a fixed product version (see Fix Schedule above), the issue will be corrected without any other customer action required.