Description |
This article describes an issue with using a server certificate for GUI or HTTPS access to FortiGate(s) in an HA setup. When a custom server certificate is used for GUI or HTTPS access to FortiGate, this configuration is synced to the other members of the cluster as well.
Each FortiGate is accessed through a different FQDN or IP address, so if the certificate has only one FQDN or IP address added as the CN (Common Name), a CN mismatch (invalid certificate error) occurs while accessing the FortiGate. |
Scope | FortiOS. |
Solution |
Example: suppose the FortiGate(s) access details are as below:
FortiGate-1: FQDN fortigate1.xyz.com (192.168.1.1) and FortiGate-2: FQDN fortigate2.xyz.com (192.168.1.2)
It is possible to use either a wildcard certificate with the FQDN *.xyz.com, or a certificate with both FQDNs added as CN. Either certificate is valid for both FortiGate(s) in HA. |
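The following added example (not Fortinet code) checks which of the HA access names from the example above a candidate certificate would cover. It assumes simplified browser-style matching: a wildcard stands for exactly one left-most label, and an IP address only matches an identical IP entry in the certificate. The function names and the member table are constructed for illustration.

```python
import ipaddress

# HA member access names taken from the article's example.
HA_MEMBERS = {
    "FortiGate-1": ["fortigate1.xyz.com", "192.168.1.1"],
    "FortiGate-2": ["fortigate2.xyz.com", "192.168.1.2"],
}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(cert_name, target):
    """Simplified browser-style match of one certificate name against one access name."""
    cert_name, target = cert_name.lower().rstrip("."), target.lower().rstrip(".")
    if is_ip(target) or is_ip(cert_name):
        # An IP address only matches an identical IP entry, never a wildcard.
        return (is_ip(target) and is_ip(cert_name)
                and ipaddress.ip_address(cert_name) == ipaddress.ip_address(target))
    if cert_name.startswith("*."):
        # A wildcard covers exactly one left-most label of the host name.
        first, _, rest = target.partition(".")
        return bool(first) and rest == cert_name[2:]
    return cert_name == target

def uncovered(cert_names, members=HA_MEMBERS):
    """Return {member: [access names the certificate does not cover]}."""
    gaps = {}
    for member, targets in members.items():
        missing = [t for t in targets
                   if not any(name_matches(n, t) for n in cert_names)]
        if missing:
            gaps[member] = missing
    return gaps

if __name__ == "__main__":
    candidates = {  # constructed certificate name lists
        "single name": ["fortigate1.xyz.com"],
        "wildcard": ["*.xyz.com"],
        "both FQDNs and IPs": ["fortigate1.xyz.com", "fortigate2.xyz.com",
                               "192.168.1.1", "192.168.1.2"],
    }
    for label, names in candidates.items():
        print(label, "->", uncovered(names) or "covers every access name")
```

Under these rules the wildcard covers both FQDNs but neither IP address, so access by IP still needs the addresses listed in the certificate.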
Copyright 2024 Fortinet, Inc. All Rights Reserved.