Skip to main content
gsharma
Staff
gsharma
Staff
June 11, 2025

Troubleshooting Tip: How to troubleshoot FortiWeb not being able to connect to FortiGuard servers due to a certificate issue

  • June 11, 2025
  • 0 replies
  • 1101 views

Description

This article describes how to troubleshoot if FortiWeb is not able to connect to FortiGuard servers due to a certificate issue.

Scope

FortiWeb.

Solution

FortiWeb is getting an issue on accessing the GUI, showing error 'License has been uploaded, Please wait a few seconds for license authentication with Fortinet registration servers. Require Internet connection'. This occurs if FortiWeb is unable to connect to FortiGuard servers.

 

fw-vm_webui.JPG

 

To get the debugs, the following commands can be used:

diagnose debug reset

diagnose debug application fds 7

diagnose debug application updated 7
diagnose deb application sslutil 7
diagnose debug enable
execute update-now


In the debug logs, the following error can be seen:

 

(__ssl_info_callback : 432) SSLv3/TLS read server certificate request
(__ssl_verify_cb : 523) Something is wrong with certificate or certificate revoked, errorno(20).

 

This happens due to an expired certificate or an invalid certificate. If the certificate is valid, then the upstream firewall has to be checked.

 

If the upstream firewall has deep SSL inspection enabled, it can cause certificate failure, as the firewall upstream may modify the certificate. Alternatively, use the following command to identify which FDN server it failed to connect to:

diagnose system update log


For example:

upd_act.c[186] Trying FDS 209.222.147.39:443

upd_comm.c[357] Proxy tunneling is disabled

upd_comm.c[471] only need to local ca verify, anycast_flag 0

upd_comm.c[490] SSL connecting SSL_get_error (1), SSL_connect (-1)

 

After, run the following debug command:

diagnose system update connection 209.222.147.39

 

Workaround: Disable SSL inspection and/or security profiles enabled in the firewall.

 

Note: If disabling SSL inspection and/or security profiles enabled in the firewall does not make any difference, reach out to Fortinet Support via the Support Portal for further troubleshooting.

 

Related document: 

Connecting to FortiGuard services 

Terms & ConditionsAccessibility statement