Question: Which cert format should use to upload it on the controller if the CSR is generated externally or on the controller?
When the CSR was generated externally with a private key and signed by external source, if we try to upload the cert on the controller we would receive this error; in this case the following solution would help you to fix it;
If CSR and private key generated externally, then private key has to combine with cert otherwise controller will look for private key in it but it will not be there since CSR was not generated on controller you can use either PEM or PKCS12.
If using PEM, then combine private key with the cert in order to upload.
We cannot not use PKCS12 cert format if CSR is generated on controller however we can use both (PEM/PKCS) if CSR generated externally and it is singed by CA.
If the CSR is generated externally then the only thing to take care is combing private key and cert if using PEM format if it does not happen then automatically as in PKCS12 user has to take care of contenting both files concatenating.