ametkola
Staff
February 18, 2025

Technical Tip: Accessing the FortiGate GUI Triggers a Browser Prompt to Select a Certificate

Description This article describes an issue where FortiGate prompts the user to choose a certificate, even though the admin settings are not configured to require a client certificate. This behavior usually affects devices after a firmware upgrade to v7.0.17, v7.2.11, v7.4.6, and v7.6.2 or later.
Scope FortiGate.
Solution

The behavior applies to the devices that have any of the following setups in place:

  1. IKEv2 VPN with client certificate authentication enabled.
  2. SSL VPN with client certificate authentication required.
  3. IKEv1 site-to-site VPN with certificate authentication required for peers.


Ensure the following requirements are met:

 

config system global
    set admin-https-pki-required disable
end

 

The 'admin-https-pki-required' setting is part of the global configuration and can be verified by running the following command or by reviewing the TAC report:

 

  show full-configuration system global

 

Additionally, if a PKI user is configured, it should not be assigned to the admin user:

 

config user peer
    edit "cert_ca"
        set ca "cert_CA2"
    next
end

 

This issue has been resolved in v7.4.8 and v7.6.3.
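
The two checks above can be run against saved command output or a configuration backup. The script below is an added example, not Fortinet code: it reads the 'config ... end' blocks shown in this article, reports the value of 'admin-https-pki-required' and lists the entries under 'config user peer' so they can be compared against the admin accounts. The sample text and the function names are constructed for illustration.

```python
import re

# Constructed sample: saved output of the commands shown in this article.
SAMPLE_CONFIG = '''\
config system global
    set admin-https-pki-required disable
end
config user peer
    edit "cert_ca"
        set ca "cert_CA2"
    next
end
'''

def parse_sections(text):
    """Map each top-level 'config X' block to its (depth, line) entries."""
    sections, depth, current = {}, 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                current = line[len("config "):]
                sections.setdefault(current, [])
        elif line == "end" and depth > 0:
            depth -= 1
            if depth == 0:
                current = None
        elif current is not None:
            sections[current].append((depth, line))
    return sections

def audit(text):
    """Report the admin PKI setting and the PKI peer users defined."""
    sections = parse_sections(text)
    value = None
    for depth, line in sections.get("system global", []):
        m = re.fullmatch(r"set admin-https-pki-required (\S+)", line)
        if depth == 1 and m:
            value = m.group(1)
    # Only 'edit' lines directly under 'config user peer' are peer names.
    peers = [m.group(1) for depth, line in sections.get("user peer", [])
             if depth == 1 and (m := re.fullmatch(r'edit "([^"]+)"', line))]
    # 'not-shown': the setting is absent from the text that was supplied.
    status = {"disable": "ok", None: "not-shown"}.get(value, "review")
    return {"admin_https_pki_required": value, "status": status,
            "pki_peers": peers}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A 'not-shown' status means the supplied text did not include the setting; collect the output with 'show full-configuration system global' as described above and run the check again.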