Skip to main content
msundman
msundman
Visitor III
November 30, 2022
Question

Forticlient with TPM-enrolled certificates on Windows

  • November 30, 2022
  • 1 reply
  • 6706 views

I'm trying to get certificate-based authentication with TPM-enrolled certs working with FortiClient on Windows 10.

 

Fortigate-VM 7.2.2

FortiClient ZTNA 7.0.7 on Windows 10

 

I have everything working with a software enrolled certificate on a test client, but when I try to connect from the same client with TPM-enrolled cert (issued from the same CA), the connection fails with error:

 

Unable to establish the VPN connection. The VPN server may be unreachable or your identity certificate is not trusted. (-5)

 

According to debug logs (and confirmed with wireshark) it appears as the Fortigate is sending a Client Certificate Request, but the client never responds with any certificate:

 

[199:root:3789]client cert requirement: yes [199:root:3789]SSL state:SSLv3/TLS read client hello (155.4.221.225) [199:root:3789]SSL state:SSLv3/TLS write server hello (155.4.221.225) [199:root:3789]SSL state:SSLv3/TLS write certificate (155.4.221.225) [199:root:3789]SSL state:SSLv3/TLS write key exchange (155.4.221.225) [199:root:3789]SSL state:SSLv3/TLS write certificate request (155.4.221.225) [199:root:3789]SSL state:SSLv3/TLS write server done (155.4.221.225) [199:root:3789]SSL state:SSLv3/TLS write server done:(null)(155.4.221.225) [199:root:3789]SSL state:fatal decode error (155.4.221.225) [199:root:3789]SSL state:error:(null)(155.4.221.225) [199:root:3789]SSL_accept failed, 1:unexpected eof while reading [199:root:3789]Destroy sconn 0x7f45714aa700, connSize=1. (root)

 

Anyone else who got this working?

 

PS: I'm already working actively with Fortinet TAC on this problem, but wanted to check with the community in parallel.

 

1 reply

msundman
msundmanAuthor
Visitor III
December 2, 2022

Further testing shows that Software-based CNG-keys created using the Microsoft Software Key Storage Provider works, but I'm unable to use TPM created keys using the Microsoft Platform Crypto Provider.

 

For testing I've created two self-signed certs like this:

 

New-SelfSignedCertificate `       -KeyUsage DigitalSignature `       -FriendlyName "Mathias CNG-SW Key" `       -Subject "Mathias CNG-SW Key" `       -KeyExportPolicy NonExportable `       -CertStoreLocation "cert:\CurrentUser\My" `       -Provider "Microsoft Software Key Storage Provider" `       -KeyAlgorithm RSA `       -KeyLength 2048     New-SelfSignedCertificate `       -KeyUsage DigitalSignature `       -FriendlyName "Mathias CNG-TPM Key" `       -Subject "Mathias CNG-TPM Key" `       -KeyExportPolicy NonExportable `       -CertStoreLocation "cert:\CurrentUser\My" `       -Provider "Microsoft Platform Crypto Provider" `       -KeyAlgorithm RSA `       -KeyLength 2048

 

When I connect using the CNG-SW key, I can see how the TLS handshake is completed:

 

[199:root:399f]allocSSLConn:306 sconn 0x7f45720e4f00 (0:root) [199:root:399f]SSL state:before SSL initialization (155.4.221.225) [199:root:399f]SSL state:before SSL initialization (155.4.221.225) [199:root:399f]got SNI server name: rmsit-vpn-pki.it-total.se realm pki [199:root:399f]client cert requirement: yes [199:root:399f]SSL state:SSLv3/TLS read client hello (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS write server hello (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS write certificate (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS write key exchange (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS write certificate request (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS write server done (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS write server done:(null)(155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS write server done (155.4.221.225) [199:root:399f]SSL certificate verification: self-signed certificate [199:root:399f]SSL certificate verification: self-signed certificate [199:root:399f]SSL state:SSLv3/TLS read client certificate (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS read client key exchange (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS read certificate verify (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS read change cipher spec (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS read finished (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS write session ticket (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS write change cipher spec (155.4.221.225) [199:root:399f]SSL state:SSLv3/TLS write finished (155.4.221.225) [199:root:399f]SSL state:SSL negotiation finished successfully (155.4.221.225) [199:root:399f]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

 

But when I use the CNG-TPM key, it actually receives the certs and concludes it's a self-signed cert, but then fails with fatal decrypt error on client key exchange:

 

[199:root:39a2]allocSSLConn:306 sconn 0x7f45720e4f00 (0:root) [199:root:39a2]SSL state:before SSL initialization (155.4.221.225) [199:root:39a2]SSL state:before SSL initialization (155.4.221.225) [199:root:39a2]got SNI server name: rmsit-vpn-pki.it-total.se realm pki [199:root:39a2]client cert requirement: yes [199:root:39a2]SSL state:SSLv3/TLS read client hello (155.4.221.225) [199:root:39a2]SSL state:SSLv3/TLS write server hello (155.4.221.225) [199:root:39a2]SSL state:SSLv3/TLS write certificate (155.4.221.225) [199:root:39a2]SSL state:SSLv3/TLS write key exchange (155.4.221.225) [199:root:39a2]SSL state:SSLv3/TLS write certificate request (155.4.221.225) [199:root:39a2]SSL state:SSLv3/TLS write server done (155.4.221.225) [199:root:39a2]SSL state:SSLv3/TLS write server done:(null)(155.4.221.225) [199:root:39a2]SSL state:SSLv3/TLS write server done (155.4.221.225) [199:root:39a2]SSL certificate verification: self-signed certificate [199:root:39a2]SSL certificate verification: self-signed certificate [199:root:39a2]SSL state:SSLv3/TLS read client certificate (155.4.221.225) [199:root:39a2]SSL state:SSLv3/TLS read client key exchange (155.4.221.225) [199:root:39a2]SSL state:fatal decrypt error (155.4.221.225) [199:root:39a2]SSL state:error:(null)(155.4.221.225) [199:root:39a2]SSL_accept failed, 1:last octet invalid [199:root:39a2]Destroy sconn 0x7f45720e4f00, connSize=0. (root)

 

msundman
msundmanAuthor
Visitor III
December 2, 2022

Problem solved!

 

It was caused by old broken TPM firmware that didn't support RSA-PSS, so no CertificateVerify message was sent to the Fortigate.

 

Disabling RSA-PSS in the registry according the following article resolved the issue, forcing it to use PKCS1-SHA256 to sign the message instead.

 

https://learn.microsoft.com/en-us/answers/questions/467673/windows-10-tpm-20-client-authentication-in-tls-12.html

 

    Terms & ConditionsAccessibility statement