esalija
Staff
Article Id 421574
Description This article describes how to resolve the ERR_CERT_COMMON_NAME_INVALID error for a captive portal using Google SAML for Chromebooks on FortiGate, which authenticates users and retrieves their usernames. 
Scope FortiGate.
Solution

The steps below resolve the "Cert_Common_Name_Invalid" error on a captive portal that uses Google SAML authentication.

 

Solution 1: Reinstall the Wildcard certificate or SSL certificate on Trusted Root Certificate Authorities.

 

At the captive portal with Google SAML on FortiGate, follow these steps:

  • Go to VPN -> SSL -> Portal and create a new portal or edit an existing one.
  • Under Authentication, select SAML as the authentication method.
  • Configure the SAML settings, including the Entity ID, Single Sign-On URL, and X.509 Certificate.
  • Ensure that the auth-cert is set to the correct certificate (i.e., wildcard certificate / SSL certificate) in the config user setting section.
  • For example:

 

config user setting
    set auth-cert wildcard_cert
end
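
Chrome raises ERR_CERT_COMMON_NAME_INVALID when no Subject Alternative Name in the presented certificate matches the name in the address bar (it ignores the CN). The following is an added example, not part of the original article or Fortinet code: a check of whether a certificate's SAN list covers the portal name before it is assigned as auth-cert. The hostnames and addresses are constructed, and the SAN list is assumed to have been read from the certificate beforehand (for instance with openssl x509 -noout -ext subjectAltName).

```python
import ipaddress


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def san_matches(hostname, pattern):
    """Match one dNSName SAN entry against a hostname, browser-style."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # '*' stands for exactly one label, never zero or two
    if pat[0] == "*":
        # Simplification: require at least *.domain.tld, reject *.tld
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def check_portal_cert(portal_host, dns_sans, ip_sans=()):
    """Return (ok, reason) for the name the browser is redirected to."""
    if _is_ip(portal_host):
        target = ipaddress.ip_address(portal_host)
        if any(target == ipaddress.ip_address(i) for i in ip_sans):
            return True, "covered by an IP SAN"
        return False, "portal reached by IP but certificate has no matching IP SAN"
    if not dns_sans:
        return False, "certificate has no DNS SAN (Chrome ignores the CN)"
    for entry in dns_sans:
        if san_matches(portal_host, entry):
            return True, "covered by " + entry
    return False, "no SAN entry matches; a wildcard covers one label only"


if __name__ == "__main__":
    # Constructed sample: SANs of a hypothetical wildcard certificate
    sans = ["*.example.com"]
    for name in ("portal.example.com", "example.com",
                 "auth.portal.example.com", "192.0.2.1"):
        print(name, check_portal_cert(name, sans))
```
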

 

Solution 2:

  • Unset the auth-cert and the SAML certificate (Fortinet_Factory in this example).

For example:

 

config user setting
    unset auth-cert
end


config user saml
    edit "sslvpnsaml"
        unset cert
    next
end

 

  • Clear the Chromebook user session after the changes:

 

diagnose sys session filter clear
diagnose sys session filter src <User_IP>
diagnose sys session list
diagnose sys session clear