Hi Julian, I am confused about what you did. If you created the CSR using PAM following instructions at https://docops.ca.com/ca-privileged-access-manager/3-0-1/EN/implementing/configure-your-server/configure-security-settings/create-a-self-signed-certificate-or-a-certificate-signing-request, you would import the certificate only because the private key would be on the PAM server already. But above you show a "Certificate with Private Key" selection. Does that imply that you created the CSR outside of PAM and now want to import the certificate with private key? In that case, make sure the private key is included in what you import. If you did create the CSR using PAM, please note the following step in the procedure at the above link:
4. Rename the certificate that is received from the third party if necessary, so that:
a) Its base name is the same as the one that originally generated.
b) Its extension is ".crt".
For example, if the original PEM name was abc.pem, the uploaded file must be named abc.crt