Symptom
"Basic constraints are not critical or not defined", error when importing identity certificate into FMC.
Conditions
Received when identity (end-user) certificate does not have basic constraints extension set to critical or defined as True or False.
Workaround
Set the basic constraints extension to critical and define the value as true or false during cert generation.
Bypass the FMC check for constraint extension (call TAC).
Further Problem Description
Basic constraints certification extension identifies whether the certificate is validate to sign other certs (is it a CA cert?).
https://tools.ietf.org/html/rfc5280#section-4.2.1.9
