This article describes how to resolve the wrong password error when loading an OpenSSL-generated PKCS#12 certificate in FortiManager/FortiAnalyzer via FTP. OpenSSL is not endorsed or supported by Fortinet.
Scope
FortiManager v7.4.2, FortiAnalyzer v7.4.2, OpenSSL
Solution
Loading an OpenSSL-generated PKCS#12 certificate in FortiManager/FortiAnalyzer using FTP gives the error:
FMG-VM64 # execute certificate local import-pkcs12 ftp
Starting transfer PKCS#12 file from FTP server...
Transferred 0.003M of 0.003M in 0:00:00s (0.021M/s)
Starting import PKCS#12 file...
Failed: could not load the shared library (wrong password?)
Failed.
Command fail. Return code -26
The error occurs because the certificate was generated with an older OpenSSL version, which most likely used weak encryption algorithms.
As of FortiManager/FortiAnalyzer v7.4.2, the supported OpenSSL version has been upgraded to v3.1.2.
Regenerate the certificate using the latest version of OpenSSL (v3.1.2 or higher).
Load the new certificate into FortiManager/FortiAnalyzer:
FMG-VM64 # execute certificate local import-pkcs12 ftp
Starting transfer PKCS#12 file from FTP server...
Transferred 0.004M of 0.004M in 0:00:00s (0.164M/s)
Starting import PKCS#12 file...
Done.
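One way to check a PKCS#12 bundle for old encryption schemes before transferring it, and to re-package it with current defaults, shown as an added example that is not Fortinet's code or part of the original article. It assumes OpenSSL 3.x on the workstation and the bundle password exported as P12_PASS; the function names are hypothetical, and because the article does not list which algorithms the import rejects, the classifier flags the PBE schemes that OpenSSL releases before 3.0 applied by default.

```shell
#!/bin/sh
# Added example (not Fortinet code). Assumes OpenSSL 3.x on the workstation and
# the bundle password exported as P12_PASS. Function names are hypothetical.

# Constructed samples of `openssl pkcs12 -info -noout` output.
LEGACY_SAMPLE='MAC: sha1, Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048'
MODERN_SAMPLE='MAC: sha256, Iteration 2048
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'

# stdin: -info output. Prints "legacy" if any bag uses a PBE scheme that
# OpenSSL releases before 3.0 applied by default, otherwise "modern".
classify_p12_info() {
    if grep -Eq 'pbeWithSHA1And40BitRC2-CBC|pbeWithSHA1And3-KeyTripleDES-CBC'; then
        echo legacy
    else
        echo modern
    fi
}

# Classify a real file. -legacy loads the legacy provider so 3.x can open
# RC2-protected bags; a failed read is reported instead of being misclassified.
inspect_p12() {
    info=$(openssl pkcs12 -in "$1" -info -noout -legacy -passin env:P12_PASS 2>&1) || {
        echo error
        return 1
    }
    printf '%s\n' "$info" | classify_p12_info
}

# Re-package an old bundle with the OpenSSL 3.x export defaults.
# The intermediate PEM holds the private key unencrypted; mktemp creates it 0600.
repack_p12() {
    tmp=$(mktemp) || return 1
    openssl pkcs12 -in "$1" -legacy -noenc -passin env:P12_PASS -out "$tmp" &&
        openssl pkcs12 -export -in "$tmp" -passout env:P12_PASS -out "$2"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on the constructed samples (no openssl call needed).
printf 'legacy sample -> %s\n' "$(printf '%s\n' "$LEGACY_SAMPLE" | classify_p12_info)"
printf 'modern sample -> %s\n' "$(printf '%s\n' "$MODERN_SAMPLE" | classify_p12_info)"
```

Running inspect_p12 on the regenerated file before the FTP transfer should print modern.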