ametkola
Staff
Article Id 377343
Description This article describes an issue where FortiGate prompts the user to choose a certificate even though the admin settings are not configured to require a client certificate. This behavior usually affects devices after a firmware upgrade to v7.0.17, v7.2.11, v7.4.6, and v7.6.2 or later.
Scope FortiGate.
Solution

The behavior applies to devices that have any of the following setups in place:

  1. IKEv2 VPN with client certificate authentication enabled.
  2. SSL VPN that requires client certificate authentication.
  3. IKEv1 site-to-site VPN with certificate authentication required for peers.

 


Ensure the following requirements are met:

 

config system global
    set admin-https-pki-required disable
end

 

Additionally, if a PKI user is configured, it should not be assigned to the admin user:

 

config user peer
    edit "cert_ca"
        set ca "cert_CA2"
    next
end
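
As an added example (not Fortinet's code and not part of the original article), the following Python script parses a configuration backup and reports the two admin-side settings checked above together with the VPN setups listed earlier. The `peer-auth`, `reqclientcert` and `authmethod signature` settings are FortiOS CLI options that do not appear in the article; the function names and the sample config are constructed for illustration.

```python
# Added example. SAMPLE is a constructed config excerpt, not from a real device.
SAMPLE = '''config system global
    set admin-https-pki-required disable
end
config system admin
    edit "pkiadmin"
        set peer-auth enable
    next
end
config vpn ssl settings
    set reqclientcert enable
end
config vpn ipsec phase1-interface
    edit "s2s"
        set authmethod signature
    next
end'''

def parse(text):
    """Return {section: {entry: {key: value}}}; section-level settings use entry ''."""
    cfg, stack, entry = {}, [], ""
    for tok in (line.strip() for line in text.splitlines()):
        if tok.startswith("config "):
            stack.append(tok[7:])
        elif tok == "end" and stack:
            stack.pop()
        elif len(stack) != 1:
            continue                      # outside a block, or in a nested table
        elif tok.startswith("edit "):
            entry = tok[5:].strip('"')
        elif tok == "next":
            entry = ""
        elif tok.startswith("set "):
            key, _, val = tok[4:].partition(" ")
            cfg.setdefault(stack[0], {}).setdefault(entry, {})[key] = val.strip('"')
    return cfg

def audit(text):
    """Report the two admin-side checks and the VPN setups named in the article."""
    cfg = parse(text)
    # peer-auth, reqclientcert and authmethod are FortiOS CLI keys not shown in the article.
    def names(section, key, want):
        return sorted(n for n, s in cfg.get(section, {}).items() if s.get(key) == want)
    return {
        "admin_https_pki_required": bool(names("system global", "admin-https-pki-required", "enable")),
        "admins_with_peer_auth": names("system admin", "peer-auth", "enable"),
        "sslvpn_requires_client_cert": bool(names("vpn ssl settings", "reqclientcert", "enable")),
        "ipsec_cert_auth_tunnels": names("vpn ipsec phase1-interface", "authmethod", "signature"),
    }
```

Multi-line quoted values, such as embedded certificates, are not handled by this parser.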

 

This issue has been resolved in v7.4.8 and v7.6.3.