Certificate chain not correctly formed

Reply
L4 Transporter

Certificate chain not correctly formed

Hello,

 

I am getting the warning below after importing a certificate. Is there a link/KB I can check to fix this?

 

Warning: certificate chain not correctly formed in certificate dc1pa.abcd.com.au

 

Thanks in advance!

L4 Transporter

Hi @Farzana

In order to fix this issue, you need to upload a copy of your Root CA and and Intermediate CA to the firewall.

 

This should fix the issue.

 

L4 Transporter

Hi @Willian

 

Thanks for the response. Do you mean import the certs? If not, what steps I need to take?

 

Cert.png

L4 Transporter

Correct, you need to first get a copy of your Root CA and Intermediate CA. The Intermediate CA is not actually mandatory unless you have one. Then click in the Import button. Map to each one of the certificates, and click in OK. It will upload, and if everything is correct the certificate chain should be formed with no problems.
L4 Transporter

Hi @Willian,

 

We currently have a wildcard SSL certificate that we use on Apache servers, Microsoft IIS servers, Cisco devices and when we try to import that same certificate to the Palos. However, we are unable to use that certificate (Device -> Certificates -> SSL/TLS Service Profile) i.e. we are unable to select the imported certificate.


Certificate.png

We have also exported the certificates and keys from IIS and imported them to the Palos and we receive the following error message - "Warning: certificate chain not correctly formed in certificate". We have followed the links as well as the method described below and still get the same error message as above.

Is there a guide to install a certificate on Palo similar to this (this is for a Cisco ASA)?


https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO22529&actp=search...

L0 Member

Exact same issue. Did you ever get it resolved?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!