ManpreetSingh
Staff
February 24, 2026

Technical Tip: Resolving SSL VPN tunnel certificate selection prompt on Mac

Description This article describes a solution to the issue where the SSL VPN tunnel unexpectedly prompts for a certificate selection on a Mac device. The user is asked to select a certificate, but this prompt should not appear.
Scope FortiGate, FortiClient/EMS.
Solution

The following is the untrusted certificate issue as it appears on a Mac device:

[Screenshot: untrusted certificate issue on a Mac device]

To resolve the issue, follow these steps:

  1. Confirm that a trusted certificate, such as the root CA, is installed in the user's Keychain. Go to Keychain -> Login -> Certificates and select the trusted CA certificate.
  2. Make sure the certificate is trusted.
  3. Open a terminal window and run the following command, replacing <trusted CA cert> with the Common Name of the certificate and https://192.0.2.1:10443 with the URL set up for SAML authentication:

security set-identity-preference -s "https://192.0.2.1:10443" -c "<trusted CA cert>"

  4. Enter the Mac login password to verify.
  5. Users will now auto-connect to the VPN without being prompted to select a certificate.
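
An added example, not part of the original article or any Fortinet tooling: a shell wrapper for the steps above that checks the certificate is present in the keychain, runs the command from step 3, and reads the stored preference back with `security get-identity-preference`. The function names and the `--apply` switch are assumptions; the URL and `<trusted CA cert>` are the article's placeholders.

```bash
#!/bin/bash
# Added example, not from the original article. Wraps step 3 with a
# pre-check (step 1) and a read-back. Both defaults below are placeholders.
SERVICE_URL="${SERVICE_URL:-https://192.0.2.1:10443}"  # SAML URL from the article
CERT_CN="${CERT_CN:-<trusted CA cert>}"                # replace with the real CN

# Reject an unreplaced <placeholder> CN and anything that is not an https URL.
check_inputs() {
  case "$2" in ""|*"<"*|*">"*) return 1 ;; esac
  case "$1" in
    *[[:space:]]*) return 1 ;;
    https://?*)    return 0 ;;
    *)             return 1 ;;
  esac
}

# Return codes: 0 ok, 2 bad input, 3 certificate not found,
# 4 set-identity-preference failed, 5 read-back does not show the CN.
set_vpn_identity_preference() {
  url="$1"; cn="$2"
  check_inputs "$url" "$cn" || { echo "bad URL or certificate name" >&2; return 2; }
  # Step 1: the certificate must be in the keychain search list.
  security find-certificate -c "$cn" >/dev/null 2>&1 ||
    { echo "no certificate matching '$cn' in keychain" >&2; return 3; }
  # Step 3: the command from the article (macOS asks for the login password).
  security set-identity-preference -s "$url" -c "$cn" || return 4
  # Read back the stored preference and confirm it names the same certificate.
  got="$(security get-identity-preference -s "$url" -c 2>/dev/null)"
  case "$got" in
    *"$cn"*) echo "preference for $url -> $cn"; return 0 ;;
    *)       echo "read-back mismatch: ${got:-<none>}" >&2; return 5 ;;
  esac
}

# Apply only when asked, so sourcing this file just defines the functions.
if [ "${1:-}" = "--apply" ]; then
  set_vpn_identity_preference "$SERVICE_URL" "$CERT_CN"
fi
```

Run it with `--apply` after setting `SERVICE_URL` and `CERT_CN`; a non-zero exit code identifies which step failed.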