Manual Enrollment. 1. FMC > Objects > PKI >Cert Enrollment 1.1 Manual Enrollment, CA Certificate can leave blank temporally, but once Device Certificate is added at next step, CA Certificate will be grey out. Include the custom FQDN, otherwise, browser may still give error even CN and SAN look good. " ERR_CERT_COMMON_NAME_INVALID " CN will be automatically Added to SAN in the CA issued certificate. 2. Devices > Certificates, "Add" click "ID" button to generate CSR Once get the certificate, import above. If CA info is blank in step 1, we will see: Note FMC PKI Trusted CAs is not used for FTD device certificate, so import CA there doesn't resolve the issue. We need delete the device certificate in order to add the missing CA info in the enrollment, then add the device certificate again, Click ID button to display CSR (this is always the same one, doesn't need be re-sent to CA.) and import the certificate. 3. To rene