Created on 11-15-2024 03:55 AM Edited on 11-29-2024 01:37 AM By Jean-Philippe_P
Description: This article describes the issue with certificates in push notifications on mobile tokens.
Scope: FortiGate, FortiToken.
Solution:
After the FTM-Push settings are configured, the user gets an SSL secure connection failure. This is caused by the built-in self-signed certificate on FortiGate. Also ensure that the server is reachable on the defined port.
This is the default certificate for the FTM-Push config:
iron-kvm37 # config sys ftm-push
iron-kvm37 (ftm-push) # sh full
The default certificate is neither trusted nor recommended for TLS authentication, which leads to the failure of SSL secure connections.
The following output can be seen in the FortiGate debug:
diagnose debug app ftm-push -1
SSL secure connection failed, failed to validate cert <cert-name>
Replace the default built-in certificate, or use the same certificate that is used in the SSL VPN configuration.
In cloud environments, make sure the next hop (where the public IP is available) can relay the traffic for port 4433; the port can be customized as per the requirement.
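A way to check, before and after replacing the certificate, how a validating client would judge what the push port presents. This is an added example, not from the article or from Fortinet. The function names `ftm_fetch_cert` and `ftm_cert_trust` are hypothetical, and the fetch step assumes the listener completes an ordinary TLS handshake with `openssl s_client`.

```shell
#!/usr/bin/env bash
# Added example (not Fortinet code). Function names are hypothetical.

# Save the certificate a listener presents, e.g. the FTM-Push port
# (4433 in this article). Assumes a plain TLS handshake works with s_client.
ftm_fetch_cert() {  # usage: ftm_fetch_cert <host> <port> <out.pem>
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$3"
}

# Classify a PEM certificate as a validating TLS client would.
# Prints: trusted | self-signed | untrusted
# Returns 0 only for trusted, 1 for a validation failure, 2 on a read error.
ftm_cert_trust() {  # usage: ftm_cert_trust <cert.pem> [ca-bundle.pem]
    local cert="$1" ca="${2:-}" subj issuer
    subj=$(openssl x509 -in "$cert" -noout -subject_hash 2>/dev/null) || return 2
    issuer=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null) || return 2

    # Chain validation: against the given CA bundle, else the system trust store.
    if [ -n "$ca" ]; then
        openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 && { echo trusted; return 0; }
    else
        openssl verify "$cert" >/dev/null 2>&1 && { echo trusted; return 0; }
    fi

    # Validation failed. Subject == issuer means the certificate signed itself,
    # which is the case for a built-in default certificate.
    if [ "$subj" = "$issuer" ]; then echo self-signed; else echo untrusted; fi
    return 1
}

# Run directly: ./check.sh <cert.pem> [ca-bundle.pem]
if [ "$#" -gt 0 ]; then
    ftm_cert_trust "$@"
fi
```

A result of `self-signed` or `untrusted` for the certificate fetched from the public IP and push port corresponds to the "failed to validate cert" debug line above.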
Related articles: Troubleshooting Tip: FTM-Push notification configured but not working