Hello,
Since I did the integration of an SSL certificate signed by a Microsoft ADCS certificate authority, I have SSL errors in the phoenix.log related to the phMonitorSupervisor. And in the Cloud Health section, the supervisor status is critical.
phMonitorSupervisor[1519691]: [PH_HTTP_CLIENT_CURL_ERROR]:[eventSeverity]=PHL_ERROR,[procName]=phMonitorSupervisor,[fileName]=phHttpClient.cpp,[lineNumber]=882,[infoURL]=h_t_tps://*.*.*.*:443/phoenix/rest/sync/task?custId=1&agentId=1&time=1677772602,[phLogDetail]=curl error (60) Peer certificate cannot be authenticated with given CA certificates for method: GET
On the other hand, I have a valid certificate when I connect in the WEBUI of FortiSIEM.
In the FortiSIEM documentation, it describes the procedure to add a signed certificate. But I have the impression that it is only for CA authorities like Entrust, etc.
So, should we add the root CA of ADCS in the OS certificates (Rocky Linux)?
Thanks for your help
#fortisiem
I think in this instance it may be best to raise a support case.
You should not need to install it into any Rocky cert stores. A few things to double-check:
1 - certificate configuration
2 - DNS name and any alt names provided
3 - verify certificate validity
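The three checks listed in the reply above can be run with openssl against any certificate and CA file. The script below is an added example, not part of the thread or of Fortinet's documentation; the two throwaway CAs, the name siem.example.test and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway CAs and host names below are constructed, not from the thread.

# make_demo_pki DIR CA_NAME: write a root CA (ca.crt) and a leaf for siem.example.test.
make_demo_pki() {
  d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' 'prompt=no' \
    '[dn]' "CN=$2" '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
  printf 'subjectAltName=DNS:siem.example.test\n' > "$d/san.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj '/CN=siem.example.test' -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/leaf.crt" 2>/dev/null
}

# check_cert LEAF CAFILE NAME: print each failed check; return 0 only if all pass.
check_cert() {
  leaf=$1 ca=$2 name=$3 rc=0
  # 1. Chain: the leaf must verify against the CA file the client trusts.
  #    A chain failure is what the curl error 60 message in the log describes.
  openssl verify -CAfile "$ca" "$leaf" 2>&1 | grep -q ': OK$' ||
    { echo "chain: $leaf does not verify against $ca"; rc=1; }
  # 2. Name: the name the client connects to must appear in the certificate.
  openssl x509 -in "$leaf" -noout -checkhost "$name" 2>&1 | grep -q 'does match' ||
    { echo "name: $name is not covered by the certificate"; rc=1; }
  # 3. Validity: notAfter must still be in the future.
  openssl x509 -in "$leaf" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "validity: certificate has expired"; rc=1; }
  return $rc
}

# Demo: CA "A" issued the leaf; CA "B" stands in for a bundle without the issuing root.
demo() {
  t=$(mktemp -d) && mkdir "$t/a" "$t/b" || return 0
  make_demo_pki "$t/a" 'Constructed Root A' && make_demo_pki "$t/b" 'Constructed Root B' &&
    check_cert "$t/a/leaf.crt" "$t/a/ca.crt" siem.example.test && echo "issuing CA: all pass"
  check_cert "$t/a/leaf.crt" "$t/b/ca.crt" siem.example.test || echo "-> other CA rejected"
  check_cert "$t/a/leaf.crt" "$t/a/ca.crt" other.example.test || echo "-> other name rejected"
  rm -rf "$t"
}
demo
```

The same certificate passes or fails depending only on which CA file and which name the client uses, which is why a browser and a command-line client can disagree about it.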
Thanks for the reply
I will check with support. But I confirm that my certificate and the DNS are valid, and I have followed the configuration guide.
Hi Slabrie,
Any outcome or news regarding using MS AD certs? I also opened a case with support and I will configure it next week.
Hello Slabrie,
I also want to implement an MS AD signed cert, but I did not try it because I read that it seems not to be supported. I think the reason is that there is only one cert implemented for SSL, and this is used in many places, like connecting to the other FortiSIEM appliances such as Connectors, and to external log sources like Azure and so on. Are you using this, and is it still working in your case? Please let me know any news about the outcome of your "experience".
Good luck!
Martin