Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
samandeep
Staff
Staff

Created on ‎08-30-2023 09:48 PM Edited on ‎10-05-2025 01:14 PM By Community Manager

Article Id 271225

Technical Tip: 'EMS certificate not trusted' after upgrading to a new firmware

Description

This article describes how to fix a working FortiClient EMS certificate error after upgrading the FortiGate firmware.
Scope

FortiGate v6.x.x and v7.x.x.
Solution

It is not common for a FortiGate firmware upgrade to cause a FortiClient EMS connectivity issue, where the FortiClient EMS is accessible, but the 'EMS certificate not trusted' error occurs.

 

samandeep_0-1693448100595.png

 

In that scenario, use the command to 'unverify' the certificate.

 

config endpoint-control fctems

show full

execute fctems unverify <FortiClient EMS>

 

See the example screenshot below:

 

New Screenshot for EMS.png

 

Verify the FortiClient EMS again:

 

execute fctems verify <FortiClient EMS>

 

After the verification, the new certificate request will be visible to use on the CLI. Press 'Y' for yes.

 

To check the certificate status:

    execute fctems is-verified <Forticlient EMS>

Related articles:
Troubleshooting Tip: EMS certificate not trusted with customized certificate 
Technical Tip: EMS Certificate is not trusted with FortiClient EMS Cloud 
Labels:
2249
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.