PAM not accessible after updating certificate on appliance in FIPS mode

Article ID: 249041


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We generated a CSR from an appliance provided to the customer. The customer provided us back a certificate, which appears to be in good order. We retrieved the private key from the appliance that generated the CSR and concatenated it with the certificate. We uploaded the concatenated pair to an appliance with FIPS enabled, and it verified after uploading. On the certificate Set page, we selected the concatenated certificate, clicked Verify, and it verified OK. We selected Set and the appliance rebooted. After the reboot, the landing page does not load and 443 is not open. Rolling back to a snapshot makes the appliance reachable again.

The same certificate/key pair was uploaded and set on a non-FIPS PAM server, and it did not have this problem.

Environment

Release: 3.4 (may affect 4.0 and 4.1 as well)

Component: PRIVILEGED ACCESS MANAGEMENT

Cause

The cryptographic provider used in FIPS mode, wolfSSL, is more sensitive to the private key format. The private key was not in PEM format when it was concatenated with the certificate.

Resolution

Converting the private key to PEM format and uploading it to the FIPS-enabled PAM appliance in that format resolved the problem.
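
A pre-upload check for the failure mode described above, added here as an example and not part of the original article or the product: it confirms that both the certificate and the private key in the concatenated file are PEM-armored. The function names and the sample bytes are constructed for illustration; the sample DER is a placeholder, not real key material.

```python
import base64
import re

# PEM armor: BEGIN and END labels must match (backreference \1).
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def to_pem(label: str, der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (used here only to build sample input)."""
    tag = label.encode()
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (
        tag, base64.encodebytes(der), tag)

def check_bundle(data: bytes) -> list:
    """Return problems found; an empty list means PEM cert + PEM key."""
    problems, labels = [], []
    for m in PEM_BLOCK.finditer(data):
        label = m.group(1).decode()
        labels.append(label)
        try:
            der = base64.b64decode(b"".join(m.group(2).split()), validate=True)
        except ValueError:  # binascii.Error subclasses ValueError
            problems.append(f"{label}: body is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # DER structures start with SEQUENCE
            problems.append(f"{label}: body is not an ASN.1 SEQUENCE")
    leftover = PEM_BLOCK.sub(b"", data).strip()
    if leftover:
        problems.append(f"{len(leftover)} bytes outside PEM armor")
    if "CERTIFICATE" not in labels:
        problems.append("no PEM CERTIFICATE block")
    if not any(l.endswith("PRIVATE KEY") for l in labels):
        problems.append("no PEM PRIVATE KEY block")
    return problems

# Constructed placeholder DER (SEQUENCE { INTEGER 42 }), not real key material.
FAKE_DER = b"\x30\x03\x02\x01\x2a"
GOOD = to_pem("CERTIFICATE", FAKE_DER) + to_pem("PRIVATE KEY", FAKE_DER)
BAD = to_pem("CERTIFICATE", FAKE_DER) + FAKE_DER  # raw DER key appended

if __name__ == "__main__":
    for name, bundle in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_bundle(bundle) or "ok")
```

The check covers encoding only; it does not confirm that the private key matches the certificate.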