This issue is most commonly seen when the FIPS Key originated from another device’s private key that was subsequently imported into the FIPS ADC appliance. Commonly, private keys from other devices are imported as password protected PFX files. PFX files are converted on the FIPS ADC into PEM files that contains both the certificate and the private key.
After the PEM file is imported as an FIPS Key, the administrator will attempt to install new certificate definition using the existing PEM file and the new FIPS Key imported from the PEM file. The administrator provides the PFX file password when attempting to install the certificate definition using either of the following:
-
NetScaler administration utility (GUI): Traffic Management > SSL > Certificates > Install
-
Terminal session (CLI): add ssl certkey
The administrator might incorrectly include the PFX file password when installing the new certificate definition. However the password is not required for an FIPS Key imported as the private key exported from the PFX file to the PEM file will not be encrypted.