FortiAuthenticator Upgrade Breaks EAP-TLS

Forum|Forum|30 days ago
May 6, 2026
4 replies
90 views

I upgraded my FAC from 6.6.4 > 8.0.3 and something has broken EAP-TLS,

Users have a cert on their devices, and a profile pushed out to the laptops, that says , connect automatically using the device cert to the SSID, before it connects seamlessly, but now they get a prompt that says “continue connecting?” if you expect to find THIS-SSID in this location, go ahead and connect” then asks you to show certificate details.

This didnt happen before the upgrade, I think so far its WINDOWS 10 users only, cannot see anything in the release notes either? help appreciated.

FortiAuthenticator

AEK

SuperUser

Looks like an issue with RADIUS certificate. Try renew it and see if it helps.

AEK

JasysAuthor

Explorer

The Radius Cert is valid, its a ROOT INTERNAL CA

ebilcari

Staff

I did a quick search internally and this behavior appear to be fixed in 8.0.3 (1280659), https://docs.fortinet.com/document/fortiauthenticator/8.0.3/release-notes/279684/resolved-issues

Emirjon

JasysAuthor

Explorer

I am running 8.0.3 (Typo in the OP!)

ebilcari

Staff

Are the hosts able to successfully connect after getting the notification?

Emirjon

JasysAuthor

Explorer

I would say yes, but I am getting them to check, I notice some logs say this (not all)

2026-05-06T13:45:46.934567+01:00 FORTIANALYZER radiusd[21164]: (2060) eap_tls: (TLS) TLS - The client is informing us that it does not recognize the CA used to issue the server certificate. Please update the client so that it knows about the CA.

The CA is valid, they only use one, and wouldn't all users fail?

JasysAuthor

Explorer

This is happening since the upgrade to 8.0.3 , Windows 11 can click connect and can carry on, windows 10, dont work at all, this is something to do with the FAC upgrade, has to be

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded