Description | This article describes the typical circumstances behind the 'Logs any request to the SCEP server' event log entry. |
Scope | FortiAuthenticator. |
Solution |
Event ID 50502 refers to an event log entry related to SCEP request handling on FortiAuthenticator.
The Simple Certificate Enrollment Protocol (SCEP) is a standard protocol designed to simplify and automate the process of issuing and managing digital certificates within large network environments. It enables FortiAuthenticator to securely request and obtain certificates from a Certificate Authority (CA) through a SCEP service. By using HTTP or HTTPS for communication, SCEP helps streamline certificate deployment, ensuring encrypted authentication and data exchange without the need for manual configuration.
Sample system event messages look like the following:
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP GetCA message received" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP GetCA: Returning requested CA certificate C=US, O=fortinet, CN=FAC-Root-CA" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="error" nas="" action="" status="" msg="SCEP GetCA: An error occurred while trying to find the requested CA certificate with id: default" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP GetCA: Failed to retrieve requested CA, returning default CA certificate C=US, ST=california, L=sunnyvale, O=fortinet, OU=it, CN=ca.testfortinet.net, emailAddress=support@ca.testfortinet.net" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP PKCSReq message received" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="Enrolling a certificate for " C=US, O=fortinet, OU=it, CN=test" that matches a wildcard request """ user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="Certificate signing request "C=US, CN=test" signed with CA certificate "CN=CA_remote"" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="error" nas="" action="" status="" msg="SCEP PKCSReq: Signing the certificate with subject "C=US, CN=test" failed" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="SCEP PKCSReq: Automatic enrollment denied for C=US, CN=test: unable to sign certificate request" user=""
Possible reasons for a request being denied by the CA:
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="A certificate with subject "C=US, CN=test" and issuer "CN=CA_remote" already exists and not eligible for renewal" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="Renewal is not allowed for the this expired certificate" user=""
date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="Renewal is not allowed for the this revoked certificate" user=""
There are many other events, and they all share the same event ID, 50502. They can be viewed under Log Access -> Logs by filtering on '50502'. |
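Because every SCEP event shares logid 50502, triage has to rely on the level and msg fields. The following is an added example, not Fortinet code: a parser for the lines shown above that tolerates the unescaped double quotes inside msg and separates routine entries from error and notice ones. It assumes the field order seen in the samples; the function names are hypothetical.

```python
import re
from collections import Counter

# Assumption: fields appear in the fixed order shown in the samples above.
# msg is captured greedily up to the final ' user="..."' because the message
# text can itself contain unescaped double quotes.
LINE_RE = re.compile(
    r'^date=(?P<date>\S+) time=(?P<time>\S+) oid=(?P<oid>\d+) '
    r'logid=(?P<logid>\d+) cat="(?P<cat>[^"]*)" subcat="(?P<subcat>[^"]*)" '
    r'level="(?P<level>[^"]*)" nas="(?P<nas>[^"]*)" action="(?P<action>[^"]*)" '
    r'status="(?P<status>[^"]*)" msg="(?P<msg>.*)" user="(?P<user>[^"]*)"$'
)
OP_RE = re.compile(r'^SCEP (GetCA|PKCSReq)\b')

def parse_line(line):
    """Return a dict of fields for a logid 50502 line, or None otherwise."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("logid") != "50502":
        return None
    rec = m.groupdict()
    op = OP_RE.match(rec["msg"])
    rec["op"] = op.group(1) if op else "other"  # SCEP operation named in msg
    return rec

def summarize(lines):
    """Count records per (op, level) and collect the non-information ones."""
    counts, attention = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        counts[(rec["op"], rec["level"])] += 1
        if rec["level"] != "information":
            attention.append(rec)
    return counts, attention

def sample(level, msg):
    """Rebuild one of the sample lines shown above from its level and msg."""
    return ('date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" '
            f'subcat="Web Service" level="{level}" nas="" action="" status="" '
            f'msg="{msg}" user=""')

SAMPLES = [
    sample("information", "SCEP GetCA message received"),
    sample("information", 'Certificate signing request "C=US, CN=test" '
                          'signed with CA certificate "CN=CA_remote"'),
    sample("error", 'SCEP PKCSReq: Signing the certificate with subject '
                    '"C=US, CN=test" failed'),
    sample("notice", "SCEP PKCSReq: Automatic enrollment denied for "
                     "C=US, CN=test: unable to sign certificate request"),
]
```
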