StephenS612
New Member
September 26, 2025
Question

Looking for a Fortinet Consultant


Having trouble with FortiGate REST API calls for automated policy updates. We're using Python scripts to bulk modify firewall rules but getting SSL certificate validation errors when connecting to our FortiGate cluster.

Individual policy queries work through the web interface, but programmatic access via API keeps failing on certificate handshake. Need someone experienced with FortiOS API authentication and certificate management.

Requires 2-3 hours remote session to resolve the SSL connectivity issues. Timeline is urgent - need functional by Wednesday for security policy rollout.

4 replies

funkylicious
SuperUser
September 26, 2025

hi,

not a Fortinet expert here, especially on the API/automation side.

are you using an API token (authorization bearer) for connecting to the firewall or a username and password?

can you share more info about the error or the request that you are using?

"jack of all trades, master of none"

distillednetwork
Explorer II
September 26, 2025

Are you using a publicly signed certificate on the management interface, and if so, using that FQDN (not IP) to connect to the firewall? If it's not a publicly signed cert, you will have to download it and then upload it to your server to explicitly trust it. I'm not sure of the exact libraries you are looking at, but this may help:

https://www.geeksforgeeks.org/python/ssl-certificate-verification-python-requests/

Markus_M
Staff & Editor
September 26, 2025

The API is basically HTTPS access. The API key is just doing authentication AFTER the HTTPS or rather TLS exchange. The policy update or whatever will be done AFTER that.

So your Python script will be the HTTPS/TLS client to the FortiGate as TLS server. No idea what your client is, but I assume it offloads that task to the OS and as such - do you have certificate warnings with a browser that uses the FortiGate certificate store when accessing the FortiGate on the exact same address as your Python script?
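
The two replies above point at the same check: do the TLS handshake alone, with verification left on, and read why it fails. The following is an added example, not code from any poster or from Fortinet; the host name `fw.example.internal` and file name `fortigate-ca.pem` are hypothetical placeholders, and the failure in the demo is constructed so it runs offline.

```python
import socket
import ssl

# OpenSSL verify codes mapped to the causes raised in the replies above.
CAUSES = {
    10: "certificate expired: renew the management certificate",
    18: "self-signed certificate: export it from the firewall and pass it as cafile",
    19: "self-signed CA in chain: add that root CA to the client trust store",
    20: "issuer not trusted locally: import the issuing CA into the trust store",
    62: "hostname mismatch: connect with the FQDN named in the certificate",
    64: "IP address not in certificate: connect by FQDN instead of IP",
}

def strict_context(cafile=None):
    """Verifying client context; cafile is a PEM file exported from the firewall."""
    # create_default_context keeps CERT_REQUIRED and hostname checking enabled.
    return ssl.create_default_context(cafile=cafile)

def classify(err):
    """Turn an SSLCertVerificationError into (verify_code, likely cause)."""
    code = getattr(err, "verify_code", None)
    detail = getattr(err, "verify_message", None) or str(err)
    return code, CAUSES.get(code, f"other verification failure: {detail}")

def probe(host, port=443, cafile=None, timeout=5):
    """Handshake only (no API key is sent) and report the verification result."""
    ctx = strict_context(cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return 0, f"certificate trusted, negotiated {tls.version()}"
    except ssl.SSLCertVerificationError as err:
        return classify(err)

if __name__ == "__main__":
    # Constructed failure so the example runs without a firewall to talk to.
    sample = ssl.SSLCertVerificationError(1, "certificate verify failed")
    sample.verify_code = 62
    print(classify(sample))
    # Against a real device (hypothetical names):
    # print(probe("fw.example.internal", 443, "fortigate-ca.pem"))
```

Once `probe` returns code 0 for the same address the script uses, the same CA file can be handed to the HTTP client's verification setting instead of turning verification off.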

Colin2
New Member
September 29, 2025

Hi,

I work with FortiGate APIs regularly and have seen this SSL validation issue before.

Usually it's either the certificate chain not being properly imported or Python not trusting the self-signed cert.

I can help you sort out the certificate trust store and get your bulk policy updates running smoothly. Should be straightforward to fix in a couple hours.

Feel free to reach out if you need a hand with this.

You can reach out to me on my email here
Colin