FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
kwcheng__FTNT
Article Id 413853
Description: This article describes the typical circumstances behind event ID 50502, 'Logs any request to the SCEP server'.
Scope: FortiAuthenticator.
Solution:

Event ID 50502 is the FortiAuthenticator event log entry for SCEP request handling.

The Simple Certificate Enrollment Protocol (SCEP) is a standard protocol designed to simplify and automate the process of issuing and managing digital certificates within large network environments. It enables FortiAuthenticator to securely request and obtain certificates from a Certificate Authority (CA) through a SCEP service. By using HTTP or HTTPS for communication, SCEP helps streamline certificate deployment, ensuring encrypted authentication and data exchange without the need for manual configuration.

Sample system event messages look like the following:

  1. FortiAuthenticator received a request to get the CA certificate from the SCEP server:

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP GetCA message received" user=""

  2. The SCEP server returned the requested CA certificate:

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP GetCA: Returning requested CA certificate C=US, O=fortinet, CN=FAC-Root-CA" user=""

  3. The SCEP server could not find the requested CA certificate and returned the default CA certificate instead:

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="error" nas="" action="" status="" msg="SCEP GetCA: An error occurred while trying to find the requested CA certificate with id: default" user=""

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP GetCA: Failed to retrieve requested CA, returning default CA certificate C=US, ST=california, L=sunnyvale, O=fortinet, OU=it, CN=ca.testfortinet.net, emailAddress=support@ca.testfortinet.net" user=""

  4. FortiAuthenticator received a PKCSReq (certificate signing request) for the CA:

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP PKCSReq message received" user=""

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="Enrolling a certificate for " C=US, O=fortinet, OU=it, CN=test" that matches a wildcard request """ user=""

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="Signing certificate enrollment request with transaction ID XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" user=""

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="Certificate signing request "C=US, CN=test" signed with CA certificate "CN=CA_remote"" user=""

  5. FortiAuthenticator failed to sign the PKCSReq:

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="error" nas="" action="" status="" msg="SCEP PKCSReq: Signing the certificate with subject "C=US, CN=test" failed" user=""

  6. The signing request was denied by the CA:

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="SCEP PKCSReq: Automatic enrollment denied for C=US, CN=test: unable to sign certificate request" user=""

Possible reasons for the CA denying the request:

  1. Duplicate entry:

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="A certificate with subject "C=US, CN=test" and issuer "CN=CA_remote" already exists and not eligible for renewal" user=""

  2. Expired:

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="Renewal is not allowed for the this expired certificate" user=""

  3. Revoked:

date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="Renewal is not allowed for the this revoked certificate" user=""

Many other events also share event ID 50502. They can be viewed under Log Access -> Logs by filtering on '50502'.
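The 50502 lines above are key=value records whose msg field can contain unescaped double quotes and certificate subjects (C=US, CN=test) that look like further key=value pairs, so splitting on any "word=" misparses them. The following Python is an added example, not Fortinet's code and not part of this article: it cuts each value only at the next known field name, reduces every 50502 event to an operation (GetCA or PKCSReq) plus an outcome, and lists the subjects whose enrollment was denied or errored so they can be chased with the CA. The sample lines are copied from this article; the outcome rules (level notice means denied, a "Failed to retrieve" message means fallback to the default CA) are this example's own assumptions drawn from those samples, not a documented FortiAuthenticator contract.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Field names exactly as they appear in the article's samples. The msg value may itself
# contain X=Y pairs (certificate subjects) and unescaped double quotes, so a value is
# cut only at the next *known* key, never at an arbitrary "word=".
KNOWN_KEYS = ("date", "time", "oid", "logid", "cat", "subcat", "level",
              "nas", "action", "status", "msg", "user")
_KEYS = "|".join(KNOWN_KEYS)
FIELD_RE = re.compile(rf'(?<!\S)(?P<key>{_KEYS})=(?P<value>.*?)(?=\s(?:{_KEYS})=|$)')

# First "Attr=Value, Attr=Value, ..." run inside a message: the certificate subject it names.
# Assumption of this example: a subject ends at a quote, a colon or the end of the message.
SUBJECT_RE = re.compile(r'(?<![\w.])([A-Za-z]+=[^,":]+(?:,\s*[A-Za-z]+=[^,":]+)*)')

# Constructed sample input: eight lines copied from the article above.
SAMPLES = [
    'date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP GetCA message received" user=""',
    'date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="error" nas="" action="" status="" msg="SCEP GetCA: An error occurred while trying to find the requested CA certificate with id: default" user=""',
    'date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="SCEP GetCA: Failed to retrieve requested CA, returning default CA certificate C=US, ST=california, L=sunnyvale, O=fortinet, OU=it, CN=ca.testfortinet.net, emailAddress=support@ca.testfortinet.net" user=""',
    'date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="Enrolling a certificate for " C=US, O=fortinet, OU=it, CN=test" that matches a wildcard request """ user=""',
    'date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="information" nas="" action="" status="" msg="Certificate signing request "C=US, CN=test" signed with CA certificate "CN=CA_remote"" user=""',
    'date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="error" nas="" action="" status="" msg="SCEP PKCSReq: Signing the certificate with subject "C=US, CN=test" failed" user=""',
    'date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="SCEP PKCSReq: Automatic enrollment denied for C=US, CN=test: unable to sign certificate request" user=""',
    'date=2025-10-06 time=05:57:58+0000 oid=8888 logid=50502 cat="Event" subcat="Web Service" level="notice" nas="" action="" status="" msg="A certificate with subject "C=US, CN=test" and issuer "CN=CA_remote" already exists and not eligible for renewal" user=""',
]


def parse_event(line: str) -> dict:
    """Split one FortiAuthenticator event line into its key=value fields."""
    fields = {}
    for m in FIELD_RE.finditer(line.strip()):
        value = m.group("value")
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]  # drop the outer quotes only; quotes inside msg stay
        fields[m.group("key")] = value
    return fields


@dataclass(frozen=True)
class ScepEvent:
    level: str
    operation: str  # "GetCA", "PKCSReq" or "other"
    outcome: str    # "ok", "fallback", "error" or "denied"
    subject: str    # certificate subject named in the message, "" if none


def classify(line: str) -> ScepEvent:
    """Reduce a logid=50502 line to the facts an operator triages on."""
    f = parse_event(line)
    msg, level = f.get("msg", ""), f.get("level", "")
    low = msg.lower()
    if "getca" in low:
        operation = "GetCA"
    elif any(w in low for w in ("pkcsreq", "enroll", "renewal", "signing")):
        operation = "PKCSReq"
    else:
        operation = "other"
    if level == "error":
        outcome = "error"
    elif level == "notice":            # assumption: the denial / renewal-refused samples are notices
        outcome = "denied"
    elif "failed to retrieve" in low:  # assumption: GetCA fell back to the default CA
        outcome = "fallback"
    else:
        outcome = "ok"
    m = SUBJECT_RE.search(msg)
    return ScepEvent(level, operation, outcome, m.group(1).strip() if m else "")


def triage(lines) -> Counter:
    """Count (operation, outcome) pairs across a batch of lines, ignoring non-50502 events."""
    counts = Counter()
    for line in lines:
        if parse_event(line).get("logid") != "50502":
            continue
        e = classify(line)
        counts[(e.operation, e.outcome)] += 1
    return counts


def failed_subjects(lines) -> list:
    """Subjects whose enrollment was denied or errored: the list to follow up with the CA."""
    return sorted({e.subject for e in map(classify, lines)
                   if e.outcome in ("denied", "error") and e.subject})


if __name__ == "__main__":
    for key, n in sorted(triage(SAMPLES).items()):
        print(f"{key[0]:8s} {key[1]:9s} {n}")
    print("failed subjects:", failed_subjects(SAMPLES))
```

To run this against a real export, replace SAMPLES with the lines returned by the Log Access -> Logs view filtered on '50502'; a growing count of ("PKCSReq", "denied") or ("GetCA", "fallback") is the signal worth alerting on, since the first means enrollments are being refused and the second means clients are receiving a CA certificate other than the one they asked for.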