FortiKoala
Staff
September 28, 2018

Technical Tip: Persistent Agents not communicating after installing new SSL certificate


Description


This article describes an issue where FortiNAC cannot scan or send messages to Persistent Agents after a new SSL certificate has been installed.

 

Scope

 

FortiNAC, Persistent Agent.


Solution

 

Unless security has been disabled on the agents, communication between the agents and NAC starts with an SSL handshake. This requires NAC to be secured with an SSL certificate. If the newly installed certificate does not include all of the intermediate and root certificates, the Persistent Agent cannot validate the authenticity of the connection and fails to communicate.


Ensure the following:

  1. All intermediate and root certificates have been installed. Refer to the related KB article below.
  2. The affected hosts have the appropriate root certificate installed. For instructions, refer to the related KB article below.
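
The validation failure described above can be reproduced offline with OpenSSL. This is an added example, not part of the original article and not FortiNAC tooling; the file names, CNs and the `issue`, `build_demo_chain` and `chain_validates` helpers are constructed for illustration. A client that trusts only the root accepts the server certificate only when the intermediate is supplied with it.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway root -> intermediate -> server chain.
# Every name, file and CN below is made up for illustration.

issue() {  # $1=dir $2=name $3=CN $4=issuer $5=extension section $6=serial
  openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -set_serial "$6" -days 2 -extfile "$1/demo.cnf" -extensions "$5" \
    -out "$1/$2.pem" 2>/dev/null
}

build_demo_chain() {  # $1 = empty working directory
  cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = req
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
  # Self-signed root: the only certificate the client trusts.
  openssl req -x509 -config "$1/demo.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Constructed Demo Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null || return 1
  issue "$1" int  "Constructed Demo Intermediate CA" root ca   2 || return 1
  issue "$1" leaf "nac.example.test"                 int  leaf 3
}

# Succeeds only if the server certificate ($2) chains to the trusted root ($1),
# using the intermediates the server would send ($3, optional).
chain_validates() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

demo_dir=$(mktemp -d)
build_demo_chain "$demo_dir"
for sent in "" "$demo_dir/int.pem"; do
  if chain_validates "$demo_dir/root.pem" "$demo_dir/leaf.pem" "$sent"; then
    echo "intermediates sent: ${sent:-none} -> chain validates"
  else
    echo "intermediates sent: ${sent:-none} -> validation fails"
  fi
done
rm -rf "$demo_dir"
```
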

 

Related articles:

Technical Note: Identify missing SSL certificates via administration UI

Technical Note: Verify Trusted Certificate Authorities on Windows or Mac OSX