Article Id 198710


This article describes how to resolve the error 'The server you want to connect to requests identification. Please choose a certificate and try again (-5)', which FortiClient displays when trying to connect to the SSL VPN.


This error can occur for the following reasons:


1) The most common cause of this problem is that the user does not have read access to the certificate's private key.

If the user cannot read the private key, the certificate cannot be presented to the FortiGate for authentication, and FortiClient therefore reports that no certificate has been chosen (even though one shows as selected). The solution in this case is to ensure that the user can read the certificate's private key as follows:


- Open MMC to where the certificate is stored. For computer certificates, for example: MMC -> File -> Add/Remove Snap-in -> Certificates -> Add -> Computer account -> OK.

- Navigate to Certificates -> Personal -> Certificates.

- Right-click on the certificate in question and select All Tasks -> Manage Private Keys.

- Ensure the user who is logged in has read access to the private key, and add them to the list if they are missing.




2) Another cause is that the default encryption settings changed in FortiOS v5.4 and later.

- On the FortiClient (Windows) workstation, go to Internet Explorer -> Options -> Advanced and enable 'TLS 1.1' and 'TLS 1.2'.


- Change the TLS settings on the FortiGate as well so that they match.
