After completing a trust package update on an affected product (either manually or automatically), administrators are not able to add new CA certificates to the browser-trusted CCL in the Common Operating Environment (COE) and will receive an error message “CA certificate is not FIPS compliant”.
ISG version 2.3.1+
Management Center 2.x (FIPS): 2.4.3+, Management Center 3.x: 3.1.3+
Administrators will need to restore factory defaults to circumvent this issue. Further, the issue may be encountered again if an automatic trust package update occurs.
After upgrading to a fixed product version (see Fix Schedule above), the issue will be corrected without any other customer action required.