yetopen
New Member
December 19, 2022
Question

Unable to bypass expired certificate on macOS

Hi.

Upgraded to the latest available release for macOS (7.0.7.0245), but we're still unable to bypass the expired certificate error.

Apparently, this is not an issue with Linux and Windows clients.

Is it possible to bypass it on macOS too?

thanks

20221219 09:32:59 [VPN:INFO] PacketTunnelProvider.swift:32 VPN provider: 0245
20221219 09:32:59 [VPN:INFO] PacketTunnelProvider.swift:38 Start tunnel.
20221219 09:32:59 [VPN:INFO] SSLVPNTunnel.swift:571 Tunnel connection state: CONNECTING
20221219 09:32:59 [VPN:DEBG] SSLVPNTunnel.swift:586 On has better path change
20221219 09:32:59 [VPN:DEBG] SSLVPNTunnel.swift:594 No better path
20221219 09:32:59 [VPN:EROR] SSLVPNTunnel.swift:36 Failed to bypass certificate. error : Error Domain=NSOSStatusErrorDomain Code=-67818 "“*.vpn.domain.it” certificate is expired" UserInfo={NSLocalizedDescription=“*.vpn.domain.it” certificate is expired, NSUnderlyingError=0x6000036ecfc0 {Error Domain=NSOSStatusErrorDomain Code=-67818 "Certificate 0 “*.vpn.domain.it” has errors: Certificate is not temporally valid;" UserInfo={NSLocalizedDescription=Certificate 0 “*.vpn.domain.it” has errors: Certificate is not temporally valid;}}}
20221219 09:32:59 [VPN:INFO] SSLVPNTunnel.swift:561 Tunnel connection state: CANCELLED
20221219 09:32:59 [VPN:EROR] SSLVPNTunnel.swift:457 Closed while starting, with error: certificateError

3 replies

funkylicious
SuperUser
December 19, 2022

Hi,

Have you tried installing the certificate in Keychain and marking it as trusted?

"jack of all trades, master of none"

yetopen
Author
New Member
December 20, 2022

Tried now: added to the macOS Keychain, set it as trusted, restarted FortiClient VPN, but same error.

yetopen
Author
New Member
December 21, 2022

I found an open source alternative to the official FortiClient which works, and can accept the expired certificate:

https://github.com/adrienverge/openfortivpn

Markus_M
Staff & Editor
December 21, 2022

Hi yetopen,

The only(!) valid solution to this problem is to replace the expired certificate.

Your VPN server (FortiGate) has that certificate and it expired. This has to be replaced. This is normal for certificates and a security measure.

If the certificate is expired, your client (or any other) does not connect, as it refuses the connection, and that should be expected.

A very temporary solution to this, if you really need to connect a single time to exchange the certificate, is to change your client's system time to before the date that it expired.

If you are not sure where to read it, connect via browser to the same FQDN. You will also receive a warning. Bypass the certificate warning as much as possible and see the date of expiry. Change your macOS system time to before that date. Then you should be able to connect.

Best regards,

Markus
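
Added example (not part of the thread and not Fortinet code): a small monitoring check that reports how many days remain on a gateway's certificate, so the certificate can be replaced before clients start refusing it. The host name `vpn.example.com`, the 30-day warning window and the function names are assumptions made for illustration.

```python
import socket
import ssl
import time

# OpenSSL verify result code X509_V_ERR_CERT_HAS_EXPIRED.
CERT_HAS_EXPIRED = 10


def days_left(not_after, now=None):
    """Whole days until `not_after` (the 'notAfter' string from getpeercert())."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(not_after, now=None, warn_days=30):
    """Return (status, days): EXPIRED, RENEW_NOW (inside the window) or OK."""
    d = days_left(not_after, now)
    if d < 0:
        return "EXPIRED", d
    return ("RENEW_NOW" if d <= warn_days else "OK"), d


def check_gateway(host, port=443, warn_days=30, timeout=10):
    """Handshake with full verification, the way a strict client does."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return classify(cert["notAfter"], warn_days=warn_days)
    except ssl.SSLCertVerificationError as exc:
        # Clients already refuse this gateway; report the reason, do not bypass.
        if exc.verify_code == CERT_HAS_EXPIRED:
            return "EXPIRED", None
        return "INVALID: " + exc.verify_message, None


if __name__ == "__main__":
    # Placeholder host (assumption); use the gateway's FQDN and SSL VPN port.
    print(check_gateway("vpn.example.com", 443))
```

Run it on a schedule and alert on anything other than `OK`; verification is never disabled, so the result matches what a strict client would see.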