Importing 3rd party certificate fails
I'm trying to import a 3rd party certificate for my firebox but always get an error saying failed to import certificate. I'm following the instructions from https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/thirdparty_webserver_certificate_c.html but it still fails.
What I've done is the following -
1 Generated CSR using openssl
2 Generated certificate (Sectigo Positive SSL)
3 Tried importing the CA Bundle with root and intermediate certificates to the firebox (fails with general error saying only import failed.)
4 Tried importing the signed certificate from Sectigo (fails with general error saying only import failed.)
Some questions -
There is a note on the WG URL for installing 3rd party certificates that says the following :
If you create a certificate with third-party software such as OpenSSL, the EKU field in the certificate must be populated with the values for TLS Web Server Authentication and TLS Web Client Authentication. These values are required for any web server certificates imported on the Firebox. A CSR generated on the Firebox automatically includes these EKU values.
How can this be done and are there any step by step examples for adding these values to the EKU field? Are these values added when generating the CSR or added when generating the certificate? What specific values need to be inputted?
What is the proper way to import the CA bundle to the firebox? (step by step)
Is there any way I can see more info (logs) about why the CA Bundle and Certificate imports are failing? The general error tells me nothing.
Any help would be greatly appreciated. Thanks