Technical Tip: Application Server Operating System updates fail
Description
Separate Application Servers unable to perform Operating System updates when set to use fnac-updates.fortinet.net.
Symptoms include:
- 'ERROR' status appears when checking for updates in the Administration GUI.
- 'Peer's Certificate issuer is not recognized' errors when attempting to check or run OS updates via CLI.
Solution
Workaround:
1. Login to the affected Application Server CLI as root.
2. Type:
cd /usr/share/pki/ca-trust-source/anchors/
3. Confirm the file 'fortinet-cas.pem' is listed, then type:
update-ca-trust
4. Verify the certificate is now recognized and update checks complete and type:
yum check-update
Alternatively, check for OS updates via the Administration GUI under System > Settings > Updates > Operating System and select 'Check for Updates'.
Solution:
This is considered a known Anomaly. A complete list of Known Anomalies is available at the following URLs:
https://docs.fortinet.com/document/fortinac/8.8.0/known-anomalies
ID 746986