msuhaimi, Staff
Article Id 203978
Description

This article describes how to troubleshoot the FortiGate notification "FortiAnalyzer certificate is not verified".

Scope

FortiGate and FortiAnalyzer.
Solution

FortiGate and FortiAnalyzer communicate over the OFTP protocol (served by the oftpd daemon on FortiAnalyzer). OFTP is used for connectivity, health checks, file transfer and log display from FortiGate, so a certificate check that fails during the OFTP handshake stops logging to FortiAnalyzer altogether.

 

Section 1

 

1. Check firmware compatibility between FortiGate and FortiAnalyzer.

Reference:https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/0955b58b-a143-11eb-b70b-005056...

 

Section 2

 

Collect information on FortiGate and FortiAnalyzer

 

On FGT CLI:
# get system status
# get log fortianalyzer setting
# get log fortianalyzer filter
# execute ping <FAZ-IP>
# execute traceroute <FAZ-IP>
# execute ssh <FAZ-IP> 514   (tests that TCP port 514, used by OFTP, is reachable)
# execute log fortianalyzer test-connectivity
# diagnose debug app miglogd -1
# diagnose debug enable
--wait 1 minute--
# diagnose debug disable   (stop the debug once the output has been collected)

On FAZ CLI:
# get system status
# get sys global
# diagnose debug app oftpd 255
# diagnose debug enable
--wait 1 minute--
# diagnose debug disable   (stop the debug once the output has been collected)

 

From the FortiGate miglogd debug output, the following was observed (FortiGate compares the serial number announced by FortiAnalyzer with the CN of the certificate FortiAnalyzer presents):

2021-11-23 13:23:18 <314> _check_oftp_certificate()-206: checking sn:FAZ-VM00000XXXXX vs cert sn:FAZ-VM0000000001
2021-11-23 13:23:18 <314> _check_oftp_certificate()-216: The certificate CN (FAZ-VM0000000001) doesn't match the Serial numbers sent by 192.168.2.77
2021-11-23 13:23:18 <314> miglog_faz_stop_oftp_ex()-739: faz:192.168.2.77 connection close. reason:Serial number of server is unauthorized.
2021-11-23 13:23:18 <314> _build_disk_usage_pkt()-701: Pushed disk usage info to queue for faz.
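The check visible in the debug above is a simple string comparison: the serial number FortiAnalyzer announces in the OFTP handshake must equal the CN of the certificate it presents. The following script, added here as an example and not part of the original article or of any Fortinet tool, parses a miglogd debug capture for that comparison and produces a verdict. The sample debug text is constructed from the lines quoted above; treating FAZ-VM0000000001 as the pre-license placeholder serial of a FortiAnalyzer VM is an inference from Section 3, where applying the license replaced it with the real serial.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of `diagnose debug app miglogd -1` output on the FortiGate,
# modelled on the lines quoted in this article (not a live capture).
SAMPLE_MIGLOGD_DEBUG = """\
2021-11-23 13:23:18 <314> _check_oftp_certificate()-206: checking sn:FAZ-VM00000XXXXX vs cert sn:FAZ-VM0000000001
2021-11-23 13:23:18 <314> _check_oftp_certificate()-216: The certificate CN (FAZ-VM0000000001) doesn't match the Serial numbers sent by 192.168.2.77
2021-11-23 13:23:18 <314> miglog_faz_stop_oftp_ex()-739: faz:192.168.2.77 connection close. reason:Serial number of server is unauthorized.
2021-11-23 13:23:18 <314> _build_disk_usage_pkt()-701: Pushed disk usage info to queue for faz.
"""

# CN seen in the article's failing case. That this is the placeholder serial of a
# FortiAnalyzer VM whose certificate was generated before licensing is an
# assumption inferred from Section 3 of the article.
PLACEHOLDER_VM_SERIAL = "FAZ-VM0000000001"

CHECK_RE = re.compile(
    r"_check_oftp_certificate\(\)-\d+: checking sn:(?P<expected>\S+) vs cert sn:(?P<cert>\S+)"
)
CLOSE_RE = re.compile(
    r"miglog_faz_stop_oftp_ex\(\)-\d+: faz:(?P<ip>[0-9.]+) connection close\. reason:(?P<reason>.*\S)"
)


@dataclass
class OftpCertCheck:
    expected_serial: Optional[str] = None  # serial FAZ announced in the OFTP handshake
    cert_serial: Optional[str] = None      # CN of the certificate FAZ presented
    faz_ip: Optional[str] = None
    close_reason: Optional[str] = None

    @property
    def mismatch(self) -> bool:
        # FortiGate's check is exact string equality between the two values.
        return (
            self.expected_serial is not None
            and self.cert_serial is not None
            and self.expected_serial != self.cert_serial
        )

    @property
    def verdict(self) -> str:
        if self.expected_serial is None:
            return "no _check_oftp_certificate line found; enable miglogd debug and retry"
        if not self.mismatch:
            return ("certificate CN matches the FAZ serial; look elsewhere "
                    "(firmware compatibility, reachability of TCP 514)")
        if self.cert_serial == PLACEHOLDER_VM_SERIAL:
            return ("certificate still carries the placeholder VM serial; re-apply the "
                    "FortiAnalyzer VM license so it regenerates its local certificate, "
                    "then re-run 'execute log fortianalyzer test-connectivity'")
        return "certificate CN does not match the announced serial; inspect the FAZ local certificate"


def analyze_miglogd_debug(text: str) -> OftpCertCheck:
    """Extract the OFTP certificate check result from FortiGate miglogd debug output."""
    result = OftpCertCheck()
    for line in text.splitlines():
        m = CHECK_RE.search(line)
        if m:
            result.expected_serial = m.group("expected")
            result.cert_serial = m.group("cert")
            continue
        m = CLOSE_RE.search(line)
        if m:
            result.faz_ip = m.group("ip")
            result.close_reason = m.group("reason")
    return result


if __name__ == "__main__":
    r = analyze_miglogd_debug(SAMPLE_MIGLOGD_DEBUG)
    print(f"FAZ {r.faz_ip}: announced serial {r.expected_serial}, certificate CN {r.cert_serial}")
    print("close reason:", r.close_reason)
    print("verdict:", r.verdict)
```

Feed it the full capture from `diagnose debug app miglogd -1`; only the `_check_oftp_certificate` and `miglog_faz_stop_oftp_ex` lines are used, and a capture without the check line yields the "no line found" verdict rather than a false match.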

 

Section 3

 

1. Check the FortiAnalyzer local certificate under System Settings > Certificates > Local Certificates.

If the serial number in the certificate is FAZ-VM0000000001 rather than the serial number of the licensed unit (FAZ-VM00000XXXXX in this case), the certificate does not match the serial number FortiAnalyzer announces to FortiGate, and FortiGate rejects the connection as shown in the debug above.

 

2. Download a new copy of your license file from the support portal and apply the new license file to your FortiAnalyzer VM via the License Information Widget.

(Screenshot: License Information widget, Upload License.)

 

Reference: https://docs.fortinet.com/document/fortianalyzer/6.4.7/administration-guide/377410/registering-a-dev...

 

Note: FAZ will restart after uploading the license.

 

3. After the FortiAnalyzer restarts, check the local certificate again: the serial number in the certificate should now be FAZ-VM00000XXXXX, matching the licensed serial number. Re-run `execute log fortianalyzer test-connectivity` on the FortiGate to confirm that the OFTP connection is established.
