Category: X.509 certificate usage or issue
The supplied certificate is not a CA certificate.
This error is reported by fmos pki import-ca when the supplied certificate cannot be used as a CA certificate.
The FMOS system CA trust store can only accept certificates that have a basicConstraints extension with the cA bit set. Any certificate issued by a certificate authority that uses a certificate without the basicConstraints extension or with the cA bit unset will not be trusted.
X.509v3 certificates can have a basicConstraints extension that can be used to indicate whether or not the certificate is valid for use as a certificate authority. If the extension is missing, the certificate is not usable as a CA certificate. If the extension is present, it must have the cA bit set in order to be usable as a CA.
If the certificate authority uses a certificate without the basicConstraints extension or with the cA bit unset, the certificate cannot be added to the FMOS system CA trust store, and certificates issued by this CA will not be trus