After completing a trust package update on an affected product (either manually or automatically), administrators are not able to add new CA certificates to the browser-trusted CCL in the Common Operating Environment (COE) and will receive an error message “CA certificate is not FIPS compliant”.

Affected Products:

ISG version 2.3.1+

Management Center 2.x (FIPS): 2.4.3+, Management Center 3.x:  3.1.3+

Reporter 10.6.2+

Fix Schedule:

• ISG 2.4 - released on Feb 2022
• Management Center 3.3 - released on Feb 2022

Workaround:

Administrators will need to restore factory defaults to circumvent this issue.  Further, the issue may be encountered again if an automatic trust package update occurs.

After upgrading to a fixed product version (see Fix Schedule above), the issue will be corrected without any other customer action required.