| Description | This article describes the behavior of FortiGate with its SSL VPN sessions after importing an intermediate CA certificate (i.e. remote CA certificate). |
| Scope | FortiGate. |
| Solution |
Whenever importing any remote CA certificate for the first time to the FortiGate, it will disconnect all active SSLV PN connections. However, next time re-adding the remote CA certificate, FortiGate will not disconnect all active SSL VPN connections.
For demonstration, there is a FortiGate running v7.4.1, endpoint connecting to the SSL VPN using FortiClient VPN-only edition, version 7.0.10:
For demonstration purposes, after generating a CSR on the FortiGate, the certificate will be obtained from getacert.com and the local certificate downloaded. The site intermediate CA certificate is imported as the remote CA certificate:
Importing the local certificate to the Gate does not make the FortiGate disconnect the session (it is possible to check the 'duration' field on FortiClient):
However, importing the remote CA certificate for the first time disconnects the active SSL VPN sessions:
The next attempt to add the same intermediate CA certificate while the endpoint is connected to the SSL VPN will not disconnect the active session. After re-connecting the session, proceed to delete the remote CA certificate with the default name CA_Cert_1 and re-add again.
Here is an active session after re-connecting to the SSL VPN tunnel:
Re-adding the same R3.crt certificate while having an active SSL VPN session:
After the certificate is imported, the SSL VPN connection is still active:
|
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGuest
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiWAN
- FortiToken
- FortiVoice
- FortiWeb
- Wireless Controller
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: Importing the intermediate CA certi...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.