New Member

Solved

Forticlient keeps asking for Smart Card

Forum|Forum|11 years ago
January 13, 2015
10 replies
29703 views

I'm using the latest and greatest Forticlient (ver 5.2.2.0624) and I also have installed certificates from a Smart Card I use for other business. However, when I open the the Forticlient and try and use the SSL-VPN, I'll immediately get a prompt to install the smart card. I've verified that "Client Certificate" is NOT checked on the connection settings yet it continues to want and check the client certificates from the Smart Card. Need to find a way to get the Forticlient to NOT check for them without effecting the installed Smart Card certificates.

Best answer by iseutens

This works solution works.

+ Export the FortiClient XML configuration file:

- in FortiClient GUI, select the File -> Settings menu item

- click the Backup button

- provide a file name and directory location

+ Edit the exported configuration file. Add the XML element:

<show_auth_cert_only> in the <vpn> section. Set the value to 1.

Please see pages 33 and 36 of the document:

FortiClient XML Reference

http://docs.fortinet.com/uploaded/files/2076/forticlient-xml-52.pdf

+ Import the modified configuration file back into FortiClient,

using the Restore button in the File -> Settings page.

klaus

New Member

I have the same problem, very annoying.

Did you find a solution to this?

krodkey78

New Member

I was not having this issue until I upgraded to the latest version (5.2.3.0633). Now I am getting the request for the smart card 4x every time I try to do anything.

gt_wh

New Member

I'm having the problem as well: Very annoying to click away the multiple popup requests to insert the smartcard. Forticlient is quite persistent asking about it...

Smoetzak

New Member

Same problem here with build-in smartcard readers (haven't tried with external ones)

If you have a fresh install of your windows, everything works fine (with installed drivers of the cardreader)

If you install a 3th party program (like Belgium EID Viewer) for viewing passports, you get these popups.

My gues is that it has something to do with the driver that's installed after installing the 3th party software.

However, deleting the newly installed driver doesnt resolve the problem.

Got this problem with different kind of portables, so it's not brand specific.

The forticlient we use is also the newest: 5.2.3.0633

Allready tried:

- Deleting drivers in device mgmt

- Disabling smartcard reader in device mgmt.

- Disabling smartcard services

- Run as administrator/compatibility settings

- Reinstalling forticlient / 3rth party software

- Change smartcard settings in gpedit (computer settings/admin templates/windows components/smartcard

- Change all settings in forticlient

Debug logs don't give much either.

mati

New Member

Same thing with me. I have Estonian ID card software installed... I opened ticket to fortinet support.

got more information - this is bug. BUG ID: 0268225

this "insert smart cart" displayed if there is installed some EID certificates.

Smoetzak

New Member

Any news?

iseutens

New Member

I have the same problem.

Hopefully there will be an update soon.

Alivo__FTNT

Staff

Hi everyone,

this issue is planned to be resolved in FortiClient 5.2.4

Best Regards,

Pavel

iseutens

New Member

Thanks Pavel,

That's good news.

Do you know when this new version will be released?

iseutensAnswer

New Member

This works solution works.

+ Export the FortiClient XML configuration file:

- in FortiClient GUI, select the File -> Settings menu item

- click the Backup button

- provide a file name and directory location

+ Edit the exported configuration file. Add the XML element:

<show_auth_cert_only> in the <vpn> section. Set the value to 1.

Please see pages 33 and 36 of the document:

FortiClient XML Reference

http://docs.fortinet.com/uploaded/files/2076/forticlient-xml-52.pdf

+ Import the modified configuration file back into FortiClient,

using the Restore button in the File -> Settings page.

nicolecurioni

New Member

Thanks for the workaround. I've tried uploading the edited XML file into the program via CLI, because I cannot open the program normally (since i'm getting the silly Smart Card error). But for some reason, while trying to run the FortiClient.exe into the command prompt i'm getting Acces Denied. (yes i'm using Admin user).

Any ideas? Thanks a lot!

kwik

New Member

Hi Pavel,

When will FortiClient 5.2.4 been released?

I've tried the workaround, but I still have the same annoying Smart Card messages.

jonwood_mt

New Member

Hey there,

I totally get how frustrating that can be. It sounds like Forticlient is being pretty stubborn about wanting that Smart Card. I’ve had a similar issue before, and here’s what worked for me:

1. Check the Certificate Store: Sometimes, Forticlient pulls certificates from the Windows certificate store. Even if “Client Certificate” isn’t checked in the settings, it might still be detecting the certificates from your Smart Card. You could try temporarily removing the Smart Card certificates from the store to see if that stops the prompt.

2. Registry Tweak: There’s a registry setting that might help. Open `regedit` and navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiClient\FA_FCSSLVPN`. Look for a key named `CheckClientCert`, and make sure its value is set to `0`. If it’s not there, you can create it as a DWORD value and set it to `0`.

3. Reinstall Forticlient: Sometimes a clean reinstall can clear up weird settings or glitches. Uninstall Forticlient, restart your machine, and then install it again. Make sure you’re using the latest version when you do this.

4. Contact Support: If none of these steps work, it might be worth reaching out to Fortinet support. They’re usually pretty responsive and might have a solution specific to the version you’re using.

Hope one of these helps! Good luck!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded