Technical Tip: 'Bad certificates in BIOS!' error message

Description

This article describes the error message displayed upon startup, 'Bad certificates in BIOS!' on FortiGate devices.

This error occurs even after a factory reset and flash memory format, and firmware reload.

FG400A (16:20-04.26.2005)
Ver:04000000
Serial number:FG400A2905500836
RAM activation
CPU(00:00000f29 bfebfbff): Do MP initialization
CPU(01:00000f29 bfebfbff): Do MP initialization
Total RAM: 512MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 61MB.
Press any key to display configuration menu...
......

Reading boot image 1453382 bytes.
Initializing firewall...
System is started.
Bad certificates in BIOS!

Scope    

FortiGate.

Solution

The error message indicates that the unit does not contain a valid BIOS certificate or that FortiOS has failed to read it.

In legacy versions of FortiOS, the error appeared because the structure changes in the firmware caused the FortiGate unit to read the default certificate from the BIOS instead of the flash memory. In this case, this error will not cause any issues and can be ignored if you do not intend to implement a VPN with a Certificate. To completely resolve it, upgrade to firmware version 4.0.4 (b113) or v4 MR1P2 (b192) or later.

This error can also occur on FortiOS versions 7.4.8, 7.4.9, and 7.6.4 when the device serial number contains letters in the last five digits. This is a known issue and has been resolved in FortiOS v7.4.10 and v7.6.5.