This article describes how to troubleshoot the FortiGate notification “FortiAnalyzer certificate is not verified”.
Scope: FortiGate and FortiAnalyzer
This article describes how the OFTPD protocol is used for communication between FortiGate and FortiAnalyzer. The OFTP protocol is applied for connectivity, health check, file transfer and log display from FortiGate.
1. Check firmware compatibility between FortiGate and FortiAnalyzer.
Collect information on FortiGate and FortiAnalyzer
On FGT CLI:
The following was observed in the debug log:
2021-11-23 13:23:18 <314> _check_oftp_certificate()-206: checking sn:FAZ-VM00000XXXXX vs cert sn:FAZ-VM0000000001
1. Check the FAZ local certificates under System Settings > Certificates > Local Certificates.
If the FAZ serial number in the certificates is FAZ-VM0000000001, it is incorrect.
2. Download a new copy of your license file from the support portal and apply the new license file to your FortiAnalyzer VM via the License Information Widget.
Note: FAZ will restart after uploading the license.
3. After the FAZ restart, the FAZ local certificates were checked again: the FAZ serial number in the certificates is now FAZ-VM00000XXXXX, which is correct.
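To spot this condition in a saved debug capture, the added example below (not Fortinet code) parses lines in the format of the `_check_oftp_certificate()` message shown above and reports every check where the two serial numbers differ. The function name, field names and the extra sample lines are assumptions made for illustration.

```python
import re

# Line format taken from the debug message shown in this article.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?"
    r"_check_oftp_certificate\(\)-\d+: checking sn:(?P<sn>\S+) "
    r"vs cert sn:(?P<cert_sn>\S+)\s*$"
)

# Certificate serial that this article identifies as incorrect.
INCORRECT_CERT_SN = "FAZ-VM0000000001"


def find_serial_mismatches(debug_text):
    """Return one finding per certificate check whose two serials differ."""
    findings = []
    for line in debug_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a certificate-check line
        if m["sn"] == m["cert_sn"]:
            continue  # serials agree, nothing to report
        findings.append({
            "timestamp": m["ts"],
            "sn": m["sn"],
            "cert_sn": m["cert_sn"],
            # True when the certificate carries the serial the article flags
            "incorrect_cert_sn": m["cert_sn"] == INCORRECT_CERT_SN,
        })
    return findings


# Constructed sample: the first line is the one from this article,
# the other two are made up in the same format.
SAMPLE = """\
2021-11-23 13:23:18 <314> _check_oftp_certificate()-206: checking sn:FAZ-VM00000XXXXX vs cert sn:FAZ-VM0000000001
2021-11-23 13:23:19 <314> unrelated debug output (constructed)
2021-11-23 13:40:02 <314> _check_oftp_certificate()-206: checking sn:FAZ-VM00000XXXXX vs cert sn:FAZ-VM00000XXXXX
"""

if __name__ == "__main__":
    for f in find_serial_mismatches(SAMPLE):
        hint = ("re-apply the license file on the FAZ" if f["incorrect_cert_sn"]
                else "inspect the FAZ local certificate")
        print(f"{f['timestamp']} sn {f['sn']} != cert sn {f['cert_sn']}: {hint}")
```
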