kbountouris
Staff
October 22, 2024

Technical Tip: How to clear the cache of server and client certificates when a web page is blocked with NET::ERR_CERT_AUTHORITY_INVALID

Description: This article shows how to clear the cache of the server certificate and client certificate.
Scope: FortiGate.
Solution

Background:

When a web page is blocked with a certificate untrusted error, the following solution can be used to clear the certificate cache and make the certificates work properly again.

The web pages will then be accessible again and no longer blocked.

 

The errors visible while accessing the page are:

NET::ERR_CERT_AUTHORITY_INVALID

NET::ERR_CERT_DATE_INVALID

In the logs, the following error is shown:

block-cert-untrusted

 

Solution:

Open an SSH session to the FortiGate and execute the following commands:

diagnose ips share list scert_cache  <----- To view the server entries.
diagnose ips share list ccert_cache  <----- To view the client entries.

diagnose ips share list server_cache_0 <----- If the previous scert_cache command returns empty, use this.

diagnose ips share pool  <----- Use this command to view the various certificate pools and the current entries.

diagnose ips share clear scert_cache <----- To clear the server entries.
diagnose ips share clear ccert_cache <----- To clear the client entries.

diagnose ips share clear cert_verify_cache <----- To clear the certificate verification cache.

diagnose test app ipsmonitor 99 <----- To reset the IPS engine.

execute update-now <----- To trigger an immediate FortiGuard update.
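
To see which destinations produced block-cert-untrusted events and whether they stop once the caches are cleared, exported log lines can be counted per destination before and after the clear time. This is an added example, not part of the original article or Fortinet code; the field names (hostname, dstip, date, time) and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# FortiGate log lines are key=value pairs; values may be double-quoted.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
MARKER = "block-cert-untrusted"  # the log error named in this article


def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return {k: v[1:-1] if v.startswith('"') else v for k, v in PAIR.findall(line)}


def untrusted_blocks(lines, cleared_at=None):
    """Count block-cert-untrusted events per destination.

    cleared_at: optional "YYYY-MM-DD HH:MM:SS" time the caches were cleared;
    events at or after it are counted as "after", all others as "before".
    """
    hits = defaultdict(lambda: {"before": 0, "after": 0})
    for line in lines:
        if MARKER not in line:
            continue
        f = parse_line(line)
        # Assumed field names: hostname, dstip, date, time.
        dest = f.get("hostname") or f.get("dstip") or "unknown"
        stamp = f"{f.get('date', '')} {f.get('time', '')}".strip()
        phase = "after" if cleared_at and stamp >= cleared_at else "before"
        hits[dest][phase] += 1
    return dict(hits)


# Constructed sample lines, not real logs; the field layout is an assumption.
SAMPLE = [
    'date=2024-10-22 time=09:14:02 action="blocked" dstip=203.0.113.10 hostname="portal.example.com" msg="block-cert-untrusted"',
    'date=2024-10-22 time=09:15:40 action="blocked" dstip=203.0.113.10 hostname="portal.example.com" msg="block-cert-untrusted"',
    'date=2024-10-22 time=09:16:05 action="blocked" dstip=198.51.100.7 msg="block-cert-untrusted"',
    'date=2024-10-22 time=09:20:00 action="passthrough" dstip=203.0.113.10 hostname="portal.example.com"',
    'date=2024-10-22 time=09:31:12 action="blocked" dstip=192.0.2.44 hostname="updates.example.net" msg="block-cert-untrusted"',
]

if __name__ == "__main__":
    for dest, n in sorted(untrusted_blocks(SAMPLE, "2024-10-22 09:30:00").items()):
        print(f"{dest:22} before={n['before']} after={n['after']}")
```

A destination that still shows events after the clear time points to a certificate problem that the cache was not causing.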