topic Cannot import signed certifcates in FIPS mode in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/cannot-import-signed-certifcates-in-fips-mode/m-p/536907#M1087 <P>When trying to import the signed cert in FIPS mode, error "import failed. Certificate chain cannot be validated, required CAs not found". This was a known <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UeLCAU&amp;lang=en_US%E2%80%A9" target="_blank" rel="noopener">issue</A> that was supposedly fixed in&nbsp;<SPAN>PAN-OS 9.0.9 and PAN-OS 9.1.4, current version: 10.2.3-h2.</SPAN></P> <P>&nbsp;</P> <P><SPAN>I was able to get this working in a lab environment without FIPS. Are there additional steps that I need to take when exporting and signing a cert in FIPS mode or is this bug still present in 10.2.3-h2?&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>This error occurs in the Panorama GUI, PA-460 GUI and PA-460 CLI.&nbsp;</SPAN></P> <P>&nbsp;</P> Wed, 29 Mar 2023 14:29:14 GMT AaronStow 2023-03-29T14:29:14Z Cannot import signed certifcates in FIPS mode https://live.paloaltonetworks.com/t5/next-generation-firewall/cannot-import-signed-certifcates-in-fips-mode/m-p/536907#M1087 <P>When trying to import the signed cert in FIPS mode, error "import failed. Certificate chain cannot be validated, required CAs not found". This was a known <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UeLCAU&amp;lang=en_US%E2%80%A9" target="_blank" rel="noopener">issue</A> that was supposedly fixed in&nbsp;<SPAN>PAN-OS 9.0.9 and PAN-OS 9.1.4, current version: 10.2.3-h2.</SPAN></P> <P>&nbsp;</P> <P><SPAN>I was able to get this working in a lab environment without FIPS. Are there additional steps that I need to take when exporting and signing a cert in FIPS mode or is this bug still present in 10.2.3-h2?&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>This error occurs in the Panorama GUI, PA-460 GUI and PA-460 CLI.&nbsp;</SPAN></P> <P>&nbsp;</P> Wed, 29 Mar 2023 14:29:14 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/cannot-import-signed-certifcates-in-fips-mode/m-p/536907#M1087 AaronStow 2023-03-29T14:29:14Z