Skip to main content
kazuki
kazuki
New Member
December 6, 2023
Question

Client certificate authentication fails.

  • December 6, 2023
  • 2 replies
  • 3768 views

■Equipment Information
model number:FG-60F-FW-US
version:v7.2.5

 

■Questions
Use ssl-vpn in tunnel mode.
Authentication methods are client certificate, ID and password.

 

9 PKI users were created.
The client certificate is a file common to all users.
However, when I try to connect from FortiClient(Windows10), only one particular user can connect to the VPN. If I try to connect with the rest of the users, the connection fails.
I would like to know about the cause. Thank you in advance.

2 replies

dbhavsar
Staff
dbhavsar
Staff
December 6, 2023

Hello @kazuki ,
- Can we know at what percentage it is failing?
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Possible-reasons-for-FortiClient-SSL-VPN/ta-p/211965

or if you can get debugs while connecting that will also help why it is failing
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-Troubleshooting/ta-p/189542

kazuki
kazukiAuthor
New Member
December 7, 2023

Ignore this sentence.

kazuki
kazukiAuthor
New Member
December 7, 2023

Hello @dbhavsar 

 

Thanks for the reply.

At 48%, I get an error message.
The error message is as follows.
"VPN connection cannot be established, VPN server may not be reachable (0)"

dbhavsar
Staff
dbhavsar
Staff
December 7, 2023

Hi @kazuki
please try to disable TLS 1.0 / 1.1 in internet options, if that does not helps please collect the following debugs and open up a ticket with TAC:

diagnose debug application sslvpn -1

diagnose debug application fnbamd -1

diagnose debug console timestamp enable
diagnose debug enable

kazuki
kazukiAuthor
New Member
December 8, 2023

Hi @dbhavsar 

 

Thank you very much. I will try it.

Terms & ConditionsAccessibility statement