Description
This article describes why the browser shows a "Not secure" warning after an ACME certificate is created on a FortiGate, and how to resolve it.
Scope
Solution
After creating the server certificate for secure administrator login to the FortiGate, the browser shows a "Not secure" page because it does not trust the certificate issuer.
On the firewall, the certificate's ACME CA URL can be seen to point at the staging directory.
Remove the staging from the certificate:
FortiGate-VM # config vpn certificate local
FortiGate-VM (local) # edit test
config vpn certificate local
    edit "test"
        set password XXX
        set comments "Renewed with ACME on Wed Oct 27 17:13:11 2021 (UTC)"
        set range global
        set enroll-protocol acme2
        set acme-ca-url https://acme-staging-v02.api.letsencrypt.org/directory   <<<< Remove the staging
        set acme-domain "agamtest.cloudem.cloud"
        set acme-email "tomer.grinberg@cloudem.co.il"
    next
end
The correct URL looks like: https://acme-v02.api.letsencrypt.org/directory
This happens because the certificate was requested from the Let's Encrypt staging (test) server, so the certificate for the domain was issued by a fake CA that browsers do not trust. The staging server should only be used to verify that the client works and can complete the challenges and obtain certificates; to obtain a valid certificate, the correct server must be used in the letsencrypt-auto command.
For staging:
--server https://acme-staging.api.letsencrypt.org/directory
For production:
--server https://acme-v01.api.letsencrypt.org/directory
If no server is specified, it defaults to production. To use staging, specify the staging server explicitly or use one of the switches --test-cert or --staging.
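To catch this misconfiguration before it reaches production, the following added example (not Fortinet's own tooling) parses a "config vpn certificate local" block like the one above, flags any certificate enrolled against a Let's Encrypt staging directory, and suggests the matching production URL. The sample config, hostnames and certificate names are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Let's Encrypt staging -> production directory hosts (ACME v2 and the older v1).
STAGING_TO_PRODUCTION = {
    "acme-staging-v02.api.letsencrypt.org": "acme-v02.api.letsencrypt.org",
    "acme-staging.api.letsencrypt.org": "acme-v01.api.letsencrypt.org",
}
EDIT_RE = re.compile(r'^\s*edit\s+"?([^"\s]+)"?\s*$')
SET_RE = re.compile(r'^\s*set\s+(\S+)\s+(.*?)\s*$')

# Constructed sample of 'config vpn certificate local' output, not from a real unit.
SAMPLE_CONFIG = """\
config vpn certificate local
    edit "test"
        set enroll-protocol acme2
        set acme-ca-url https://acme-staging-v02.api.letsencrypt.org/directory
        set acme-domain "fw.example.com"
    next
    edit "admin-prod"
        set enroll-protocol acme2
        set acme-ca-url https://acme-v02.api.letsencrypt.org/directory
        set acme-domain "admin.example.com"
    next
end
"""

def parse_local_certs(config_text):
    """Return {cert_name: {setting: value}} for each 'edit ... next' entry."""
    certs, current = {}, None
    for line in config_text.splitlines():
        if m := EDIT_RE.match(line):
            current = m.group(1)
            certs[current] = {}
        elif line.strip() == "next":
            current = None
        elif current is not None and (m := SET_RE.match(line)):
            certs[current][m.group(1)] = m.group(2).strip('"')
    return certs

def find_staging_enrollments(config_text):
    """Return [(cert_name, staging_url, production_url or None)] for staging CAs."""
    findings = []
    for name, settings in parse_local_certs(config_text).items():
        url = settings.get("acme-ca-url", "")
        host = urlparse(url).hostname or ""
        if "staging" in host:  # staging CAs issue certs browsers do not trust
            prod = STAGING_TO_PRODUCTION.get(host)  # None for an unknown staging host
            findings.append((name, url, url.replace(host, prod) if prod else None))
    return findings
```

Paste the output of "show vpn certificate local" into SAMPLE_CONFIG (or read it from a file) to audit a real unit; each finding's third element is the acme-ca-url value to set instead.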
Now check the connection again. If the issue persists, create a ticket through the Fortinet support portal.
Copyright 2023 Fortinet, Inc. All Rights Reserved.