Description
This article describes the situations in which FortiGate reports the following error for EMS: 'Server certificate and configured certificate are mismatched'.
Scope
FortiGate connected.
Solution
Verify an existing / renewed EMS Server Certificate. Some errors can occur:
Solution 1: From the CLI, run the following command:
execute fctems verify 1
The FortiGate will display the Certificate chain. At the end of the process, the system will prompt to confirm if the certificate should be added to the list of trusted remote certificates. Press y to continue.
Now the FortiClient EMS should be connected.
Solution 2:
Note: If the FortiClient Endpoint Management Server (EMS) is the VM-version, contact the EMS Technical Support team for the server certificate. Follow step 2 to import the remote certificate on FortiGate.
Steps to follow:
Save as: 'Base64-encoded ASCII, single certificate (*.pem;*.crt)'.
config endpoint-control fctems
    edit <ems_name>
        set certificate <New Imported Remote Certificate>
    next
end
If the issue persists, disable then re-enable the FortiClient EMS Fabric Connector. If FortiGate devices are enabled on a Security Fabric, refer to this article: Technical Tip: EMS certificate verification fails on downstream FortiGate in Security Fabric
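Before answering y to the trust prompt in Solution 1 or importing the file saved in Solution 2, the certificate the EMS actually serves can be compared with the exported PEM from an admin workstation. The script below is an added example, not Fortinet code; the function names, the default port 443 and the sample certificates are assumptions made for illustration.

```python
import hashlib
import ssl
import sys

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed stand-ins: arbitrary bytes in PEM armour, not real X.509 certificates.
SAMPLE_EXPORTED = ssl.DER_cert_to_PEM_cert(b"constructed EMS certificate, renewed")
SAMPLE_STALE = ssl.DER_cert_to_PEM_cert(b"constructed EMS certificate, expired")


def pem_fingerprint(pem_text):
    """SHA-256 of the DER bytes of the first certificate in a PEM string."""
    start = pem_text.index(PEM_HEADER)  # ValueError if the file is not Base64 PEM
    end = pem_text.index(PEM_FOOTER, start) + len(PEM_FOOTER)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()


def compare(served_pem, exported_pem):
    """Return (match, served_fp, exported_fp) for the two certificates."""
    served_fp = pem_fingerprint(served_pem)
    exported_fp = pem_fingerprint(exported_pem)
    return served_fp == exported_fp, served_fp, exported_fp


def check_ems(host, exported_path, port=443):
    """Fetch the certificate the EMS serves (no chain validation) and compare it."""
    served_pem = ssl.get_server_certificate((host, port))
    with open(exported_path, encoding="ascii", errors="replace") as fh:
        return compare(served_pem, fh.read())


if __name__ == "__main__":
    live = len(sys.argv) >= 3  # usage: script.py <ems_host> <exported.pem> [port]
    if live:
        port = int(sys.argv[3]) if len(sys.argv) > 3 else 443
        match, served_fp, exported_fp = check_ems(sys.argv[1], sys.argv[2], port)
    else:  # offline demo on the constructed samples
        match, served_fp, exported_fp = compare(SAMPLE_STALE, SAMPLE_EXPORTED)
    print("served by EMS :", served_fp)
    print("exported file :", exported_fp)
    print("MATCH" if match else "MISMATCH: do not trust or import until explained")
    sys.exit(1 if live and not match else 0)
```

A mismatch here means the exported file is not the certificate the EMS is presenting, so importing it on the FortiGate would leave the connector in the same mismatched state.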