FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kaman
Staff
Staff
Article Id 362889
Description

 

This article provides a solution for the issue where, despite importing the Fortinet_GUI_Server certificate into the Windows Trusted Root CA store, the FortiGate login page still displays a 'Not Secure' connection warning.

 

Scope

 

FortiGate.

 

Solution

 

There may be cases when the default HTTPS certificate for FortiGate is Fortinet_GUI_Server; however, when accessing FortiGate via HTTPS, the browser displays a self-issued certificate instead.

 

Even after importing the Fortinet_GUI_Server certificate into the Windows Trusted Root CA store, the 'Not Secure' connection warning persists on the FortiGate login admin page

The browser displays a self-issued certificate during HTTPS access to FortiGate, even though the default certificate is set to 'Fortinet_GUI_Server':


snap-1.png
This issue has been resolved in v7.4.4.

Earlier versions had the default certificate set to self_sign in admin GUI access settings which is not a trusted certificate hence was not recommended to be installed on user machines.


Workaround:
When the admin-server-cert is first set to Fortinet_Factory and later switched back to Fortinet_GUI_Server, accessing the FortiGate again results in the display of the Fortinet_GUI_Server certificate.

config system global
    set admin-server-cert Fortinet_Factory
end

config system global
    set admin-server-cert Fortinet_GUI_Server
end