Technical Tip: How to clear cache of server and client certificate in case web page is blocked with NET:: ERR_CERT_AUTHORITY_INVALID

kbountouris · ‎10-22-2024

Description

This article shows how to clear the cache of the server certificate and client certificate.

Scope

FortiGate.

Solution

Background:

When the web page is blocked by the certificate untrusted error, the following solution can be used to clear the cache and make the certificates work properly again.

The web pages will be accessible again and not blocked.

The error that is visible while accessing the page is:

NET:: ERR_CERT_AUTHORITY_INVALID

NET:: ERR_CERT_DATE_INVALID

In the logs, the following error is shown:

block-cert-untrusted

Solution:

Open SSH to the FortiGate and execute the following commands:

diagnose ips share list scert_cache <----- To view the server entries.
diagnose ips share list ccert_cache <----- To view the client entries.

diagnose ips share list server_cache_0 <----- If the previous scert_cache command returns empty, use this.

diagnose ips share pool <---- Use this command to view the various certificate pools and the current entries.

diagnose ips share clear scert_cache <----- To clear the server entries.
diagnose ips share clear ccert_cache <----- To clear the client entries.

diagnose ips share clear cert_verify_cache

diagnose test app ipsmonitor 99 <----- To reset the IPS engine.

execute update-now

Technical Tip: How to clear cache of server and client certificate in case web page is blocked with NET:: ERR_CERT_AUTHORITY_INVALID

You are leaving our website