JianWu
Staff
Article Id 378466
Description This article describes a scenario where GUI access no longer works after a software upgrade to v7.2.11/v7.4.8/v7.6.1.
Scope FortiGate GUI Access.
Solution

Starting from v7.2.11/v7.4.8/v7.6.1, FortiGate supports OpenSSL 3.4.0, which requires a minimum RSA key of 2048 bits.
Certificates using an RSA key of less than 2048 bits are no longer supported. If such a certificate is used, GUI access will stop working after the upgrade.

This change follows OpenSSL 3.2.0 changing the default security level to 2, which requires a minimum RSA key of 2048 bits.

To check the RSA key of the certificate, run the following command:

 

    openssl x509 -in name_of_certificate.cer -text -noout
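
As an added example (not part of the original article and not Fortinet tooling), the script below parses the text printed by the command above and flags RSA keys below 2048 bits before an upgrade. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag certificates whose RSA key is below the 2048-bit minimum.
MIN_RSA_BITS=2048   # minimum stated in the article

# Constructed excerpt of `openssl x509 -text -noout` output (not a real certificate).
SAMPLE_WEAK='        Signature Algorithm: sha256WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)'

# Read an openssl text dump on stdin; print "<key algorithm> <bits>".
cert_key_info() {
    awk '
        /Public Key Algorithm:/ { alg = $NF }
        /Public-Key: \(/ && bits == "" {
            b = $0
            sub(/.*Public-Key: \(/, "", b)   # also covers "RSA Public-Key:" (older OpenSSL)
            sub(/ bit\).*/, "", b)
            bits = b
        }
        END {
            if (alg == "") alg = "unknown"
            if (bits == "") bits = 0
            print alg, bits
        }'
}

# Exit status: 0 = acceptable or not RSA, 1 = RSA key too small, 2 = could not parse.
check_cert_text() {
    info=$(cert_key_info)
    alg=${info% *}
    bits=${info#* }
    if [ "$alg" = unknown ] || [ "$bits" -eq 0 ]; then
        echo "UNKNOWN: no public key found"; return 2
    elif [ "$alg" != rsaEncryption ]; then
        echo "SKIP: $alg $bits bit (not RSA, outside this check)"; return 0
    elif [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "FAIL: RSA $bits bit, below $MIN_RSA_BITS"; return 1
    fi
    echo "OK: RSA $bits bit"
}

# Check certificate files given as arguments; with none, run the constructed sample.
if [ "$#" -eq 0 ]; then
    printf '%s\n' "$SAMPLE_WEAK" | check_cert_text || true
fi
for f in "$@"; do
    printf '%s: ' "$f"
    openssl x509 -in "$f" -text -noout | check_cert_text || true
done
```

Run it with the exported certificate files as arguments; any line starting with FAIL identifies a certificate to replace before upgrading.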

 

Further information is available in this GitHub README.

 

To address the issue, either use the default cert as seen below or use a new cert that meets the minimum requirement:

 

    config system global
        set admin-server-cert "Fortinet_GUI_Server"
    end