Bognad
New Member
December 9, 2020
Solved

FortiGate-60E Low-Encryption Unable to Access FortiGate WebUI from HTTPS, HTTP only

  • December 9, 2020
  • 2 replies
  • 29707 views

Hello!

I have a FortiGate-60E Low-Encryption

https://kb.fortinet.com/kb/documentLink.do?externalID=FD37333

 

I have an error:

This site can’t provide a secure connection

fortigate.local uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Unsupported protocol

The client and server don't support a common SSL protocol version or cipher suite.

I saw https://forum.fortinet.com/tm.aspx?m=104586

Does the FortiGate-60E Low-Encryption support the HTTPS WebGUI?
    Best answer by Yurisk

    Sounds like an exercise in frustration - you have to find a browser of the Windows XP SP2 era, but then all the HTML5/JavaScript stuff of the FortiGate GUI will not work, or will work only partially, with it.

    So the short answer - no, with LENC you don't have HTTPS for management, just HTTP or SSH.

     

    2 replies

    Toshi_Esumi
    SuperUser
    December 9, 2020

    It's saying "mismatch" between your client device and the FGT. It's NOT saying the FGT doesn't support the encryption level your device is requiring. Go to the CLI under "config system global", then "get | grep admin-https-ssl". You should get something like below:

      fg50e-utm (global) # get | grep admin-https-ssl
      admin-https-ssl-versions: tlsv1-1 tlsv1-2 tlsv1-3

    Then you need to make sure that the browser's supported TLS versions overlap with them. Each browser has a different way to do the settings, which you need to figure out for your browser.
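The overlap check described in the reply above, as an added example that is not part of the original thread or Fortinet's own code: it parses the `admin-https-ssl-versions` line and compares it with a client's TLS versions. The function names are hypothetical, and the token map covers only the tokens shown in this thread.

```python
import ssl

# Tokens as they appear in the CLI output quoted in this thread.
FGT_TOKENS = {
    "tlsv1-1": ssl.TLSVersion.TLSv1_1,
    "tlsv1-2": ssl.TLSVersion.TLSv1_2,
    "tlsv1-3": ssl.TLSVersion.TLSv1_3,
}

# CLI output copied from the reply above (hostname is the poster's).
SAMPLE = """fg50e-utm (global) # get | grep admin-https-ssl
admin-https-ssl-versions: tlsv1-1 tlsv1-2 tlsv1-3"""

def parse_fgt_versions(cli_output):
    """Return the TLS versions on the admin-https-ssl-versions line."""
    for line in cli_output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "admin-https-ssl-versions":
            unknown = [t for t in value.split() if t not in FGT_TOKENS]
            if unknown:
                raise ValueError(f"unrecognised token(s): {unknown}")
            return {FGT_TOKENS[t] for t in value.split()}
    raise ValueError("admin-https-ssl-versions line not found")

def client_versions(ctx=None):
    """TLS versions this Python/OpenSSL client context may negotiate,
    judged from build flags and the context's min/max bounds only."""
    ctx = ctx or ssl.create_default_context()
    built = {
        ssl.TLSVersion.TLSv1_1: ssl.HAS_TLSv1_1,
        ssl.TLSVersion.TLSv1_2: ssl.HAS_TLSv1_2,
        ssl.TLSVersion.TLSv1_3: ssl.HAS_TLSv1_3,
    }
    lo, hi = ctx.minimum_version, ctx.maximum_version
    # MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are sentinels meaning "no bound".
    no_lo = lo == ssl.TLSVersion.MINIMUM_SUPPORTED
    no_hi = hi == ssl.TLSVersion.MAXIMUM_SUPPORTED
    return {v for v, ok in built.items()
            if ok and (no_lo or v >= lo) and (no_hi or v <= hi)}

def diagnose(cli_output, client):
    """Say which half of 'protocol version or cipher suite' is left to blame."""
    common = sorted(parse_fgt_versions(cli_output) & set(client))
    if common:
        # Versions overlap, so the cipher suite is the remaining candidate.
        return "cipher-suite", [v.name for v in common]
    return "protocol-version", []

if __name__ == "__main__":
    print(diagnose(SAMPLE, client_versions()))
```

If the versions overlap and the browser still reports ERR_SSL_VERSION_OR_CIPHER_MISMATCH, the cipher suite is the half of the error message left to investigate.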

    Bognad
    Author
    New Member
    December 11, 2020

    toshiesumi wrote:

    It's saying "mismatch" between your client device and the FGT. It's NOT saying the FGT doesn't support the encryption level your device is requiring. Go to the CLI under "config system global", then "get | grep admin-https-ssl". You should get something like below:

      fg50e-utm (global) # get | grep admin-https-ssl
      admin-https-ssl-versions: tlsv1-1 tlsv1-2 tlsv1-3

    Then you need to make sure that the browser's supported TLS versions overlap with them. Each browser has a different way to do the settings, which you need to figure out for your browser.

    Many thanks for the prompt reply!

    I have tried different browsers; they support all TLS versions.

    I have tried enabling all SSL options:

     

     

    Toshi_Esumi
    SuperUser
    December 11, 2020

    I don't think so. You can check whether it is LENC or not with one of the methods in the KB:

    https://kb.fortinet.com/k....do?externalID=FD37333

    ronaldgevern
    New Member
    June 29, 2022

    This issue usually involves a problem with your web browser or your site’s SSL certificate. The browser’s telling you that because it’s trying to tell you there’s a problem with the certificate the website is using for HTTPS, so “this site can't provide a secure connection”. In all cases the end-to-end encryption is still going to work just because HTTPS can’t function without it. There is no definite guide for managing this error.

     

    Two possible options to get rid of this issue

     

    1. Use a self-signed certificate
    2. Remove domain security policy:

    Steps for Chrome:

     

    • Go to : chrome://net-internals/#hsts
    • Query HSTS/PKP domain for localhost
    • Use Delete domain security policies option to delete configuration for localhost

    This error is because of the following problems:

     

    • Invalid SSL or SSL is untrusted (self-signed)
    • SSL Not installed properly
    • Old Technology or SSL/TLS version for encryption