VMware Cloud Community
joernc
Enthusiast

problematic external CA certificate

I am currently installing a fresh VCSA 7.0.3 (i.e. no upgrade). I want to install a server certificate, created outside VCSA and certified by our CA, which fails. After some not-so-helpful error messages from the GUI and the CLI, I think the root cause of my problem is this (VCSA shell):

$ openssl rsa -modulus -in vcsa01.pem -noout
Enter pass phrase for vcsa01.pem:
unable to load Private Key
139740738669312:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:

Is VCSA's OpenSSL simply missing some algorithms (for export reasons?)? Can I switch them on in /etc/ssl/openssl.cnf? Or do I have no other choice than to generate new keys and a CSR from within the VCSA and get a new certificate?

The key pair/CSR was generated with "OpenSSL 1.1.1l 24 Aug 2021", whereas VCSA 7.0.3 has "OpenSSL 1.0.2zc-fips 22 Feb 2022" installed. I have also checked against "OpenSSL 1.0.2y 16 Feb 2021" (Solaris 11.4), which is able to read the private key. I used "openssl genrsa -aes256 ..." to generate the key.

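Added example, not part of the original post: `openssl genrsa -aes256` in OpenSSL 1.1.1 writes the traditional PEM format, whose encryption derives the key from the pass phrase with MD5, a digest that FIPS-mode builds refuse (consistent with the `FIPS_DIGESTINIT:disabled for fips` error above). This POSIX shell script classifies a key file from its header lines alone; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a PEM private key by its header lines only.
# The key is never decrypted, so no pass phrase is needed.

classify_key() {
    f=$1
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo pkcs8-encrypted      # KDF and cipher are stored inside the ASN.1 body
    elif grep -q '^-----BEGIN PRIVATE KEY-----' "$f"; then
        echo pkcs8-plain
    elif grep -q '^-----BEGIN [A-Z][A-Z]* PRIVATE KEY-----' "$f"; then
        # Traditional format (RSA/EC/DSA); encryption is declared in RFC 1421 headers.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo legacy-encrypted # pass phrase is stretched with MD5
        else
            echo legacy-plain
        fi
    else
        echo unknown
        return 1
    fi
}

# Cipher named in the DEK-Info header of a legacy-encrypted key (empty otherwise).
legacy_cipher() {
    sed -n 's/^DEK-Info: \([^,]*\),.*/\1/p' "$1" | head -n 1
}

# Constructed samples: real header lines, placeholder bodies (not usable keys).
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1/legacy-enc.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/pkcs8-enc.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/legacy-plain.pem"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for k in "$tmp"/*.pem; do
    printf '%-18s %-17s %s\n' "${k##*/}" "$(classify_key "$k")" "$(legacy_cipher "$k")"
done
rm -rf "$tmp"
```

A key reported as `legacy-encrypted` can be rewritten as PKCS#8 on the host that created it with `openssl pkcs8 -topk8 -in vcsa01.pem -out vcsa01-p8.pem` (the output file name is a placeholder).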