Importing a FIPS Compliant Certificate

You can only import a self-signed certificate. The certificate must be an unencrypted private key or an encrypted PKC8 key. The MD5 digest algorithm is not a FIPS-approved algorithm, which means that PKCS1 keys are not supported.

Note: Do not use PKCS1 keys.You must ensure that the certificate is encrypted with PKC8. It is your responsibility to follow FIPS guidelines when generating the keys
  1. Navigate to Settings > Certificates.
    Figure 1. Navigate to Certificates
  2. Click Import.
    Figure 2. Import
  3. Select Available Certificate.
    Figure 3. Select Available Certificate
    Note: A certificate associated with a certificate signing request (CSR) is not suitable for FIPS. The CSR does not provide passphrase-based encryption.
  4. Select or drag-and-drop the self-signed certificate and the private key.
    Figure 4. Select the Self-signed Certificate
    Note: If the private key is passphrase-based encrypted (PBE), it should be PKCS8, not PKCS1. PKCS1 PBE uses MD5 in deriving the encryption key. The MD5 digest algorithm is not a FIPS-approved algorithm.

    There are no guards against importing PBE PKCS1 keys.It is your responsibility to follow FIPS guidelines when generating the keys and self-signed certificates that you import and install.

  5. Optionally, enter the passphrase.
  6. Click Import.