Troubleshooting Tip: How to fix domain sync error message ‘Could not verify server certificate using local or user-supplied certificates'

ika · ‎03-28-2025

Description

This article describes how to fix the domain error message 'Could not verify server certificate using local or user-supplied certificates' displayed under Endpoints -> Manage Domain.

Scope

FortiClient EMS on-prem, FortiClient EMS Cloud.

Solution

The error message details can be seen when hovering the cursor to the warning icon.

Example error message details:

Last Successful Sync: 2025-03-08 15:25:58
Sync Error: Could not verify server certificate using local or user-supplied certificates. Certificate details: Subject: CN=xxx.xxx.com Issuer: CN=xxx-CA Subject alternative name(s): xxx.xxx.com Serial number: xxx

To further verify, review addaemonworker and the debug log in the EMS diagnostic log file which stated that there was an error when enumerating LDAP.

To resolve this issue, upload the domain certificate in PEM or DER format in the FortiClient EMS GUI under Administration -> Authentication Servers -> select to edit desired domain -> Certificate.

After, select the Test button to verify that the connection was successful before triggering a manual domain sync again.

Now, the domain should successfully be synced with EMS without a certificate error.

Troubleshooting Tip: How to fix domain sync error message ‘Could not verify server certificate using local or user-supplied certificates'

You are leaving our website