Technical Tip: How to avoid 'Connection not secure' warning for FortiPAM in Mozilla Firefox browser
| Description | This article explains how to avoid 'Connection not secure' or 'Warning: Potential Security Risk Ahead' pop-up warnings during connecting to the FortiPAM GUI via Firefox browser. |
| Scope | FortiPAM. |
| Solution | Browser security warnings are displayed when the browser is establishing a HTTPS connection to the FortiPAM for GUI access, however the provided certificate is not trusted by the end-user's browser. This can happen for several reasons, mostly due to a mismatch between the used FQDN/IP and the information contained in the server certificate's CN or SAN fields, or if the currently used server certificate has expired. For example:
This type of warning indicates that the server certificate provided by FortiPAM is not trusted and should be validated. Select the 'Learn more' link inside the warning to display further details.
If the certificate has expired, a new server certificate can be generated and applied to be used instead of the existing one. Procedure is the same if a new certificate is to be created for the CN or SAN fields to match the IP address directly, instead of the FQDN:
Follow the instructions, download, and install the Fortinet_CA_SSL CA certificate on each client machine.
Other details of the certificate can be verified in the FortiPAM GUI under System -> Certificates -> Local Certificate section:
The left certificate displays the server certificate that was generated in the steps before. The right certificate is the CA Certificate (Fortinet_CA_SSL, located in the section: Local CA Certificate).
Download the CA Certificate from the FortiPAM GUI and install it in the workstation's Certificate Store as a Trusted Root Certification Authority.
On FortiPAM, the new server certificate needs to be added under Network -> Interfaces -> SSL Certificate, to be used as the FortiPAM GUI SSL certificate:
The last step is to add the Fortinet_CA_SSL to the Certificate settings in the Firefox browser as a Trusted Root Certification Authority:
Upon refreshing and verifying the connection afterwards, no further certificate warnings should be displayed and the URL tab in Firefox should display the FortiPAM's URL as trusted.
|
