FortiGate
ametkola
Staff
Article Id 377343
Description This article describes an issue where FortiGate prompts the user to choose a certificate even though the admin settings do not require a client certificate. This behavior usually affects devices after a firmware upgrade to v7.0.17, v7.2.11, v7.4.6, and v7.6.2 or later.
Scope FortiGate.
Solution

The behavior applies to devices that have any of the following setups in place:

  1. IKEv2 VPN with Client Certificate authentication enabled.
  2. SSL VPN requires Client Certificate Authentication.
  3. IKEv1 Site-to-Site VPN with Certificate Authentication required for peers.

 


 

Make sure the following requirements are met:

 

config system global
    set admin-https-pki-required disable
end

 

If a PKI user is configured, it should not exist for the admin user.

 

config user peer
    edit "cert_ca"
        set ca "cert_CA2"
    next
end

 

This issue is still under investigation.
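
To check the two requirements above across saved configuration backups, the following added example (not Fortinet's code and not part of the original article) parses the config/edit/set layout and reports both conditions. The sample configuration, the function names, and the treatment of a missing admin-https-pki-required line as not enabled are assumptions.

```python
import shlex

# Constructed sample of a configuration backup (not taken from a real device).
SAMPLE_CONFIG = """\
config system global
    set admin-https-pki-required enable
end
config user peer
    edit "cert_ca"
        set ca "cert_CA2"
    next
end
"""

def parse_config(text):
    """Return {section: {entry: {key: value}}}; settings outside 'edit' use entry None."""
    tree, section, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw)      # strips the quotes around values
        except ValueError:                 # unbalanced quote, e.g. a multi-line value
            tokens = raw.split()
        word = tokens[0] if tokens else ""
        if word == "config":
            depth += 1
            if depth == 1:                 # nested config blocks are skipped
                section, entry = " ".join(tokens[1:]), None
                tree.setdefault(section, {})
        elif word == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and word == "edit" and len(tokens) > 1:
            entry = tokens[1]
            tree[section].setdefault(entry, {})
        elif depth == 1 and word == "next":
            entry = None
        elif depth == 1 and word == "set" and len(tokens) > 2:
            tree[section].setdefault(entry, {})[tokens[1]] = " ".join(tokens[2:])
    return tree

def check_admin_cert_requirements(text):
    """Report the two conditions the article asks to verify."""
    tree, findings = parse_config(text), []
    # Assumption: a backup without this line is treated as "not enabled".
    if tree.get("system global", {}).get(None, {}).get("admin-https-pki-required") == "enable":
        findings.append("admin-https-pki-required is enabled; the article requires disable")
    for name in tree.get("user peer", {}):
        if name is not None:
            findings.append(f"PKI user {name!r} exists; confirm it does not exist for the admin user")
    return findings
```

Calling check_admin_cert_requirements() on the text of a backup returns an empty list when neither condition is present.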