Skip to main content
ck8882
ck8882
Explorer
October 8, 2023
Solved

FortiGate login wepage still show "not secure" in the address bar

  • October 8, 2023
  • 3 replies
  • 5484 views

HI 

 

Anyone have experience and idea how to configure and process generate CSR at FGT and sign by FAC for internal access in order the webpage won't show warning and address bar show "not secure" ?

 

I did try generate CSR in fortigate and signed by FAC. I did import the local CA from FAC to the end user devices. However, still see the warning and address bar show "not secure" 

 

Appreciate anyone could share the idea and the step i missing

 

I did refer link below as well

https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/628126/fortiauthenticator-as-a-certificate-authority

 

 

 

 

Best answer by srajeswaran

https://docs.fortinet.com/document/fortigate/7.2.0/new-features/499047/new-default-certificate-for-https-administrative-access-7-2-1 This document confirms that if the SAN is not valid the browsers will give the error as you have observed.

3 replies

srajeswaran
Staff
srajeswaran
Staff
October 8, 2023

Hi @ck8882 ,

I have tested this behavior in the past and the issue was observed in below scenarios.

 

1. The CN is not matching with the domain name
2. The root CA cert is not added to trusted cert store
3. The SAN field is missing in the certificate

Could you please make sure all the 3 are taken care in your test?

 

Thanks,

Suraj

ck8882
ck8882Author
Explorer
October 8, 2023

HI srajeswaran,

 

I use IP address to configure the CN and login with IP address as well since it's internal access only. I also upload the CA cert from FAC to the chrome, firefox also. Still see the same issue.

 

For the SAN, i also configured IP:192.168.10.10

 

still not work. Do you have any other idea could be the reason?

 

Thanks

srajeswaran
Staff
srajeswaran
Staff
October 8, 2023

Can you confirm if you see the SAN when you open the certificate? I remember the Windows AD/CA not adding the SAN (when not specified) even though the CSR is generated with SAN .

 

dbu
Staff
dbu
Staff
October 8, 2023

Hi @ck8882 ,

Could you please share more, possibly a screenshot of the warning details. 

 

Regards!

ck8882
ck8882Author
Explorer
October 9, 2023

HI Dbu,

 

Please see the error screen below. According to the document link, i didn't configured the SAN value, would like to know is it required must configured SAN?

 

 

webpage error.JPG

smayank
Staff
smayank
Staff
October 9, 2023

Hello

I request you to refer this video link to make it secure.

https://www.youtube.com/watch?v=gMWEH32L4aE\

Thanks  & Regards

Mayank Sharma

ck8882
ck8882Author
Explorer
October 9, 2023

HI Smayank,

 

I have to sign the CSR by other side instead of use built-in self create cert.

 

Thanks

Terms & ConditionsAccessibility statement