I recently picked up a Cisco SG250-08HP
and it would not accept a certificate that I issued for it, using my own Root CA. Even after bootstrapping trust with the CA it still would not work, and the error message was unclear. After a few hours of research and many failed attempts I finally found a replicable way to achieve this. So I hope this might help someone else that runs into this in the future.
TL;DR: RSA key pair must be in pkcs1 format for the Cisco switch to accept it.
To give some additional context, I generated my certificates with Pfsense 2.6.0
at the time of this writing using SHA256 and 2048 bit keys.
OpenSSL version used in this guide: OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)