julianhaines
Explorer II
November 29, 2022
Solved

Remote users using VPN getting Invalid Certificate

  • November 29, 2022
  • 1 reply
  • 5381 views

Good day,

I am having an issue with users connected remotely to the office using FortiGate VPN. When connected, any site the users navigate to locally on their computer shows certificate errors; for example, the site www.google.co.uk gets a certificate issued by FortiGate, issued to www.google.co.uk.

Do I have to import the FortiGate certificate to the remote users' computers to get this working? The users are using their own computers and are not on the company domain.

I am quite new to FortiGate and just learning.

Thanks

Julian

1 reply

anikolov
Staff
Best answer
November 29, 2022

Hello Julian,

You can also try to move from full inspection to certificate inspection or no inspection, but this will make some of the UTM features misfire. If you are not using UTM, with no inspection you should not face certificate errors. For example, the application control would not work appropriately and the web filter with no inspection won't work for HTTPS traffic.

Here is a manual (I picked 5.4 intentionally as it has broader explanations):
https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/329138/preventing-certificate-warnings

Regards,

julianhaines
Explorer II
December 2, 2022

Hello,

Thanks for the advice. I found that because the computers were not domain joined, they did not get the certificates added; I manually imported them and it's working.

I am setting up a secure system that will auto-import the certificates for non-domain computers.

Thanks
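
The follow-up above mentions automating the CA import for non-domain computers. As an added example (not from the thread, its posters, or Fortinet), one way to keep such an import safe is to check the CA file's SHA-256 fingerprint, CA flag and validity dates before adding it to the Windows trusted root store. The file path, the fingerprint placeholder and the function name `Test-InspectionCaCertificate` are assumptions; the script must run elevated.

```powershell
# Added example: pin the inspection CA by fingerprint before trusting it.
# Both values below are placeholders/assumptions, not taken from the thread.
$CertPath       = 'C:\Temp\fortigate-inspection-ca.cer'        # hypothetical path
$ExpectedSha256 = '<SHA256-FINGERPRINT-OBTAINED-OUT-OF-BAND>'  # placeholder

function Test-InspectionCaCertificate {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )
    # Accept "AA:BB:..." or "aa bb ..." notation; require exactly 64 hex digits.
    $expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($expected.Length -ne 64) { throw 'Expected fingerprint must be 64 hex characters.' }

    $fullPath = (Resolve-Path -LiteralPath $Path).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)

    # SHA-256 over the DER encoding of the certificate.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $actual = -join ($sha.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') })
    } finally { $sha.Dispose() }
    if ($actual -ne $expected) { throw "Fingerprint mismatch, refusing to import: $actual" }

    # A root used for inspection must carry basicConstraints CA=TRUE.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    if (-not $bc -or -not $bc.CertificateAuthority) { throw 'Not a CA certificate.' }

    # Reject certificates that are expired or not yet valid.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw 'Certificate is outside its validity period.' }
    return $cert
}

$ca = Test-InspectionCaCertificate -Path $CertPath -ExpectedSha256 $ExpectedSha256

# Add the verified object itself (not the file again) so the bytes that were
# checked are the bytes that become trusted.
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
$store.Open('ReadWrite')
try { $store.Add($ca) } finally { $store.Close() }
Write-Output "Imported '$($ca.Subject)', valid until $($ca.NotAfter.ToString('u'))"
```

Obtain the expected fingerprint from the FortiGate administrator over a separate trusted channel, not from the same download as the certificate file.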