IT-Basche
New Member
January 24, 2025
Question

FortiOS 7.0.17 & Personal Cert on GUI

  • January 24, 2025
  • 5 replies
  • 2193 views

Hello.

After updating our FortiGate devices (40F, 600E) to 7.0.17 we've got a window to choose a personal cert.

The window comes up before I can enter my credentials.

Where can I change this back (we don't use this feature), or where can I add a valid cert?

Thanks in advance for your answers.

Regards

Dirk Emmermacher

5 replies

abarushka
Staff
January 24, 2025

Hello Dirk,

Could you please elaborate whether you are referring to the certificate which is used to access the FortiGate GUI or some other certificate?

https://docs.fortinet.com/index.php/document/fortigate/7.2.2/administration-guide/499047/using-the-default-certificate-for-https-administrative-access

IT-Basche
Author
New Member
January 24, 2025

We're using an official wildcard cert.
The behaviour of the GUI is new. With 7.0.16 the login site comes without any additional window where I was asked for a cert.

FW (global) # show
config system global
    set admin-server-cert "wild-card-2024"
    set admin-sport xxx
    set admin-ssh-port xxx
    set admintimeout 30
    set alias "FortiGate"
    set dh-params 8192
    set hostname "FW-01"
    set management-port-use-admin-sport disable
    set ssl-min-proto-version TLSv1-3
    set ssl-static-key-ciphers disable
    set switch-controller enable
    set timezone 26
    set vdom-mode multi-vdom
end

Regards

Dirk

abarushka
Staff
January 24, 2025

Hello Dirk,

Could you please elaborate on what you are referring to by "official wildcard cert"?

IT-Basche
Author
New Member
January 27, 2025

Good morning.

We're using a public wildcard cert here for our devices.

ebilcari
Staff
January 24, 2025

Based on the description, it seems that the browser is asking to do certificate-based client authentication, like shown here. I'm not aware that this is applied to the Admin UI. If you skip the certificate selection in the browser, you still get Admin access, right? You can also try to clear the cache of the browser.

Emirjon
IT-Basche
Author
New Member
January 27, 2025

Hello Emirjon.

That would be the right place for configuration.

The point here is that nothing is configured under authentication scheme.

Would it be an option to activate the activation scheme and disable the cert-auth-cookie?

Regards

Dirk

MikeParz
New Member
February 10, 2025

I am seeing the same behavior. It was not happening on 7.0.16 and nothing in the article ebilcari posted is configured on our firewalls. I haven't had the opportunity to open a ticket yet.

IT-Basche
Author
New Member
February 11, 2025

Hello Mike.

Meanwhile we upgraded via 7.2 to 7.4. The behaviour doesn't change.

Regards

Dirk