Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
duenlim
Staff
Staff

Created on ‎12-12-2023 10:41 PM Edited on ‎11-18-2024 09:52 AM By Moderator

Article Id 289042

Technical Tip: FortiOS deprecated support for SHA-1 certificate for SSLVPN

Description This article describes that it is not possible to access SSLVPN after upgrading to v7.2.5, v7.4 or above.
Scope FortiGate v7.2.5, v7.4 and above.
Solution

SHA-1 is considered a deprecated hashing algorithm:
Technical Note: SHA versions for SSL Certificates and Limitations

 

FortiOS 7.2.5 and 7.4 are using OpenSSL 3.0, in which x509 certificates signed using SHA1 are no longer allowed at security level 1 (the default level) and above.

To work around it, under 'vpn ssl settings', try 'set ssl-min-protocol to tls1-1', which will lower the security level to 0. However, this is strongly discouraged.

 

Refer to Generate a new certificate to generate at least a SHA-256 certificate for SSL VPN.
1650
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.