Created on 10-22-2024 03:52 AM
Edited on 08-20-2025 08:29 AM
By Stephen_G
Description | This article shows how to clear the cache of the server certificate and client certificate. |
Scope | FortiGate. |
Solution |
Background:
When a web page is blocked with a certificate untrusted error, the following solution can be used to clear the certificate cache so that the certificates work properly again.
The web pages will then be accessible again and no longer blocked.
The error that is visible while accessing the page is:
NET::ERR_CERT_AUTHORITY_INVALID
NET::ERR_CERT_DATE_INVALID
In the logs, the following error is shown:
block-cert-untrusted
Solution:
Open SSH to the FortiGate and execute the following commands:
diagnose ips share list scert_cache <----- To view the server entries.
diagnose ips share list server_cache_0 <----- If the previous scert_cache command returns empty, use this.
diagnose ips share pool <----- Use this command to view the various certificate pools and the current entries.
diagnose ips share clear cert_verify_cache
diagnose test app ipsmonitor 99 <----- To reset the IPS engine.
execute update-now |