FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
Article Id 276359
Description This article describes how to troubleshoot and resolve the 'SSL certificate used by Endpoint Control is not secure' error in FortiClient EMS. This error typically indicates an issue with the SSL certificate used for secure communication.
Scope FortiClient EMS.

FortiClient EMS uses SSL certificates to secure communication between the server and managed endpoints.

The error 'SSL certificate used by Endpoint Control is not secure' indicates a problem with the SSL certificate configuration. Troubleshooting and resolving this error is crucial to maintain secure communications.


Resolving the 'SSL certificate used by Endpoint Control is not secure' error in FortiClient EMS is essential to maintaining secure communications with managed endpoints.

By following the troubleshooting steps outlined in this guide, FortiClient EMS administrators can identify and address SSL certificate-related issues, ensuring the continued security of their endpoint management infrastructure.


Troubleshooting Steps:

  • Open EMS GUI and Navigate to System Settings -> EMS Settings:
  • Review the SSL certificate configuration. Check for the following:
  1. Certificate Expiry Date: Verify that the SSL certificate has not expired. If it has, obtain or renew a valid SSL certificate.
  2. Certificate Chain: Ensure that the certificate chain is correctly configured. The certificate should be issued by a trusted Certificate Authority (CA).
  3. Replace the SSL Certificate: If the SSL certificate determined is invalid, expired, or improperly configured, replace it. Follow these steps to replace the SSL certificate:
  • Obtain a valid SSL certificate from a trusted CA. Make sure it includes the correct Common Name (CN) and Subject Alternative Names (SANs) for the FortiClient EMS server.
  • Install the new SSL certificate on the FortiClient EMS server.
  • In the FortiClient EMS web console, navigate to System Settings -> EMS Settings.
  • Under 'SSL Certificate', select the newly installed certificate from the drop-down menu.
  • Select 'Save' or 'Apply' to save the changes.
  • Restart FortiClient EMS Services:
  • After replacing the SSL certificate, it is a good practice to restart FortiClient EMS services to ensure that the new certificate is in use.
  • Test Secure Communications between FortiClient EMS and managed endpoints to ensure that the SSL certificate error is resolved. Verify that endpoints can successfully connect to FortiClient EMS without encountering SSL-related issues.