Troubleshooting Tip: Browser error 'Not secure' when accessing FortiGate GUI

When accessing the FortiGate GUI for management, the error 'not secure' is observed in the browser.


When checking the error detail, there is no information about certificate validity or any certificate warning.


This happens due to HTTP being used instead of HTTPS for the GUI while the 'Redirect to HTTPS' setting is not enabled under System -> Settings -> Administration Settings. By default, the browser will display this 'not secure' error when using HTTP.


To avoid the error, use HTTPS instead or enable the 'Redirect to HTTPS' setting. When using HTTPS, make sure the certificate used for the GUI is trusted by the client; otherwise, a certificate warning will be observed. See this article: Technical Tip: Certificate Error in Admin Access - Fortinet Community for more information.

This issue can also happen if the SAN field is not correctly filled while generating the CSR. In the image below, it can be observed that the SAN field has a value DNS Name=IP:192.168.x.x. It is incorrect; the value should be IP: 192.168.x.x.

Related articles:
Technical Tip: Certificate warning while accessing FortiGate 

Technical Tip: GUI Untrusted HTTPS server certificate