Unable to manage devices after switch to FIPS or legacy mode

Symptom

Unable to communicate with devices hosting lower strength certificates after switching from the CNSA mode to the legacy or FIPS mode.

Cause

When you downgrade the cryptography mode from a higher to a lower strength mode, the appliance continues to host the higher strength certificate in the downgraded mode. For example, the CNSA mode has a SHA384 certificate. When you switch the mode from CNSA to FIPS, the appliance continues to host the same SHA384 certificate.

Action
Import or regenerate a lower strength certificate on the appliance which is compliant with the lower strength cryptography mode.