FortiGate
Dongfang_Li_FTNT
Article Id 216971
Description

This article describes the certificate error ERR_CERT_COMMON_NAME_INVALID, which the web page displays when a user connects to the FortiGate GUI using HTTPS.

Scope

FortiGate, all firmware versions.
Solution

The following certificate error is seen.

[Screenshot of the browser certificate error]

The Common Name represents a server name protected by the SSL certificate.

The certificate is valid only if the requested hostname matches the certificate's common name.

Check the certificate. It is issued to *****.com:

[Screenshot of the certificate details]

The user connects to the IP address https://x.x.x.x, but the certificate's common name is *****.com, so they do not match.

The certificate should be issued to the IP address x.x.x.x, or the user should connect to the URL *****.com.

To connect using the IP address, create a new CSR in FortiGate: under Subject Information, set ID Type to 'Host IP' and enter the IP x.x.x.x.

Complete the CSR, download it, have it signed and import it back to FortiGate.

Assign it to the admin access:

# config system global
    set admin-server-cert <certificate_name>
end
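The name check behind this error, sketched in Python as an added example (not Fortinet code), showing why a certificate issued to a name fails for an IP URL and why a 'Host IP' certificate fails for the name. It takes dictionaries in the shape returned by Python's ssl.SSLSocket.getpeercert(); fw.example.com and 192.0.2.10 are constructed stand-ins for *****.com and x.x.x.x, and falling back to the CN when no SAN is present is an assumption of this example.

```python
import ipaddress

def _parse_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """Names the certificate covers: SAN entries, or the CN when no SAN exists."""
    san = list(cert.get("subjectAltName", ()))
    if san:
        return san
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    # Assumption for this example: a CN that parses as an IP counts as an IP name.
    return [("IP Address" if _parse_ip(cn) is not None else "DNS", cn) for cn in cns]

def matches(cert, target):
    """True if the host or IP typed into the browser is covered by the certificate."""
    ip = _parse_ip(target)
    for kind, value in cert_names(cert):
        if ip is not None and kind == "IP Address" and _parse_ip(value) == ip:
            return True
        if ip is None and kind == "DNS" and _dns_match(value, target):
            return True
    return False

# Constructed sample certificates (documentation-only name and address).
NAME_ONLY = {"subject": ((("commonName", "fw.example.com"),),)}
WITH_HOST_IP = {"subject": ((("commonName", "192.0.2.10"),),),
                "subjectAltName": (("IP Address", "192.0.2.10"),)}

if __name__ == "__main__":
    for label, cert in (("name-only", NAME_ONLY), ("host-ip", WITH_HOST_IP)):
        for target in ("192.0.2.10", "fw.example.com"):
            print(f"{label:10} https://{target:15} match={matches(cert, target)}")
```

To check a live admin interface the same way, pass the dictionary from getpeercert() on a verified TLS connection in place of the constructed samples.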

References:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-assign-a-SSL-certificate-for-remote...

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/645186/generating-a-csr-on-a-fortigate
