key exchange-algorithm-rsa unexpected

1/30/2025


I was updating the device certificate profile on one of my FIPS-enabled firewalls running PanOS 11.1.4 when I encountered the error "key exchange-algorithm-rsa unexpected." Searching forums and the vendor site kept pointing me to deselecting RSA and other weak ciphers like SHA1 from the options provided. I unselected all the known weaker ciphers and tried updating the device certificate profile with the new certificate, but kept running into the same error.

Frustrated, I reached out to vendor support and was informed that this is a known issue with the PanOS 11.1.4 train. I had to downgrade Panorama's OS to the latest 10.0.x train. After that, I had to download the PanOS 11.1.0 base image but was instructed not to install it. The last step was to upgrade to PanOS 11.1.4 h1. This workaround did solve the issue, and I was able to successfully install my device certificate and commit changes with Panorama. I also proceeded to upgrade Panorama to a stable PanOS version that does not have known exploitable vulnerabilities.