So I am ditty bopping through the always highly detailed Cisco procedures for adding my own root cert as a trusted certificate authority on my Clean Access Manager ver. 4.5.0 . I have generated a request, received my cert from my onsite root CA (we are our own self signed root CA), and am trying to import it when I get the error "Must include end entity certificate ... ". Not knowing what this is or what it might mean, I Google it and find responses that only deepened my puzzlement. Stumped, I try the Cisco site with no success, not a single hit on this error message. So, finally, I am posting here. I have tried to import the PEM encoded CA-signed cert as per instructions. Sadly I get this message. There is NO intermediate CA (we are a small shop) so I am genuinely clueless here. Any help would be gratefully appreciated.