Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
- Fortinet Community
- Knowledge Base
- FortiAuthenticator
- Technical Tip: Understanding the log message 'SCEP...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
| Description | This article describes the typical circumstances behind the 'Logs any request to the SCEP server'. |
| Scope | FortiAuthenticator. |
| Solution |
Event ID 50502 refers to an event log entry related to SCEP request handling of FortiAuthenticator.
The Simple Certificate Enrollment Protocol (SCEP) is a standard protocol designed to simplify and automate the process of issuing and managing digital certificates within large network environments. It enables FortiAuthenticator to securely request and obtain certificates from a Certificate Authority (CA) through a SCEP service. By using HTTP or HTTPS for communication, SCEP helps streamline certificate deployment, ensuring encrypted authentication and data exchange without the need for manual configuration.
The sample system event message(s) will look like below:
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP GetCA message received" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP GetCA: Returning requested CA certificate C=US, O=fortinet, CN=FAC-Root-CA" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="error" nas="" action="" status="" msg="SCEP GetCA: An error occurred while trying to find the requested CA certificate with id: default" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP GetCA: Failed to retrieve requested CA, returning default CA certificate C=US, ST=california, L=sunnyvale, O=fortinet, OU=it, CN=ca.testfortinet.net, emailAddress=support@ca.testfortinet.net" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP PKCSReq message received" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="Enrolling a certificate for " C=US, O=fortinet, OU=it, CN=test" that matches a wildcard request """ user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="Certificate signing request "C=US, CN=test" signed with CA certificate "CN=CA_remote"" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="error" nas="" action="" status="" msg="SCEP PKCSReq: Signing the certificate with subject "C=US, CN=test" failed" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="SCEP PKCSReq: Automatic enrollment denied for C=US, CN=test: unable to sign certificate request" user=""
Possible reasons for being denied by CA:
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="A certificate with subject "C=US, CN=test" and issuer "CN=CA_remote" already exists and not eligible for renewal" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="Renewal is not allowed for the this expired certificate" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="Renewal is not allowed for the this revoked certificate" user=""
There are many other events, and they will still share the same event IDs under 50502. They can be viewed under Log Access -> Logs -> filter '50502'. |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.