Kafort
New Member
March 18, 2012
Question

VM edition and HTTPS

Hello, for testing I am using the Fortigate VM edition, but I have an issue with HTTPS or SSH (all works with HTTP). Here is the message from Firefox:
  An error occurred during a connection to 192.168.2.200.
  Cannot communicate securely with peer: no common encryption algorithm(s).
  (Error code: ssl_error_no_cypher_overlap)

  The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Here is the message from SSH:
  ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
  key_verify failed for server_host_key
Do you know how I can change the certificate? Regards

    4 replies

    Matthijs
    New Member
    March 19, 2012
    Try this in the CLI:
      config system global
        set strong-crypto disable
      end
    Kafort
    New Member
    March 19, 2012
    > Try this in the CLI:
    >   config system global
    >     set strong-crypto disable
    >   end
    Thank you but it seems to be a workaround. Do you know how to change the certificate?
    proberts
    New Member
    March 19, 2012
    Regarding SSH, our way around that was to use PuTTY, which is more tolerable.
    mbrowndcm
    New Member
    March 30, 2012
    So, you have a CA that you wish to grant a certificate for a certificate request generated by the Fortigate unit? That is, you can't just obtain the certificate from the site, then just install it to the certificate store of Firefox?

    On the Fortigate unit:
      system>Certificate>Local Certificates>Generate...
    This will generate a certificate request that you can submit to a CA. Then import through Local Certificates.

    If you want to add a CA certificate as trusted, say if you wish to have any certificate granted by that CA to be trusted by the Fortigate:
      system>Certificate>CA certificates>Import

    If you want to configure a certificate you've imported to be used to secure HTTPS web site admin sessions:
      config system global
        set admin-server-cert <certificate>
      end
    See CLI reference:
      admin-server-cert {self-sign | <certificate>}
      Select the admin https server certificate to use. Choices include
      self-sign, and the filename of any installed certificates. Default
      setting is Fortinet_Factory, if available, otherwise selfsign.
    Diabolicus23
    New Member
    September 6, 2013
    Solved! You have to use an old version of Firefox. Use, for example, Firefox 2.0.0.20 and, in about:config, set security.ssl3.rsa_rc4_40_md5 to true. Now you will be able to access via HTTPS. With the trial version the certificate is RSA SHA1 512 bits, and this certificate is not supported in recent browser versions. Attention, you must use an old version (I think 18 and older).
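
The SSH error quoted in the opening question comes from a client-side check on the size of the server's RSA host key. As an added example (not code from any poster in this thread or from Fortinet), the Python below parses an `ssh-rsa` public key line and applies the same 768-bit minimum. It assumes the input has the `ssh-keyscan` or `.pub` layout; `_build_line` and its sample moduli are constructed test data, not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 768  # minimum quoted in the ssh error message in the question


def _read_string(blob, offset):
    """Read one SSH wire field: uint32 big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated data field")
    return blob[offset + 4:end], end


def rsa_modulus_bits(pubkey_line):
    """Return the RSA modulus size in bits for '[host] ssh-rsa <base64>'."""
    fields = pubkey_line.split()
    if "ssh-rsa" not in fields[:-1]:
        raise ValueError("not an ssh-rsa key line")
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    key_type, pos = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key blob type mismatch")
    _exponent, pos = _read_string(blob, pos)   # public exponent e
    modulus, pos = _read_string(blob, pos)     # modulus n, big-endian mpint
    return int.from_bytes(modulus, "big").bit_length()


def check_host_key(pubkey_line, minimum=MIN_RSA_BITS):
    """Return (acceptable, bits) for an RSA host key line."""
    bits = rsa_modulus_bits(pubkey_line)
    return bits >= minimum, bits


def _build_line(n, e=65537, host="192.168.2.200"):
    """Build a constructed key line from integers (sample data, not a real key)."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading zero keeps it positive
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    for n in ((1 << 511) | 1, (1 << 2047) | 1):  # constructed 512- and 2048-bit moduli
        ok, bits = check_host_key(_build_line(n))
        print(f"{bits}-bit RSA host key: {'ok' if ok else 'too small'}")
```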