Description | This article describes a successful use case for monitoring an SSL VPN certificate expiry check using N-Central. |
Scope | FortiOS. |
Solution |
Scenario:
1) The user is deploying the SSL VPN certificate for an SSL VPN connection in either web or tunnel mode.
2) The intention is to automate the SSL VPN certificate expiry check.

The basic SSL VPN certificate expiry check used by N-Central is largely identical to the corresponding 'curl' command on Linux. N-Central uses the HTTPS protocol.

For a detailed implementation of N-Central, refer to the official documentation:
https://success.n-able.com/kb/solarwinds_n-central/SSL-Expiry-Check
https://success.n-able.com/kb/nable_n-able_n-sight_rmm/HTTPS-Certificate-Expiry-check

Important tips:
1) If issues are faced, check to ensure FortiGate is not denying traffic and compare information with the status and logs from the N-Central dashboard.
2) If the HTTP 200 code appears on the N-Central dashboard, FortiGate should not be denying traffic. Further check the certificate bundle installed on N-Central to ensure it is up to date with the CA certificate list that includes the FortiGate SSL VPN certificates.
3) Use the curl command on Linux to compare with the result from N-Central. If the curl command results are as expected, further investigate the N-Central side.
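For the curl comparison in tip 3, the following is an added example, not taken from Fortinet or N-able documentation. It reads the verbose output of curl and reports the days left before the certificate expires. The host name, port, threshold and sample output are constructed placeholders, and it assumes a curl build that uses OpenSSL (for the `expire date:` line) and GNU date.

```shell
# Constructed sample of `curl -v` output, used for offline checking only.
SAMPLE='* Server certificate:
*  subject: CN=vpn.example.com
*  start date: Jan  1 00:00:00 2024 GMT
*  expire date: Dec 31 23:59:59 2024 GMT
*  issuer: C=US; O=Example CA; CN=Example Issuing CA'

# Read `curl -v` output on stdin and print whole days (rounded down) until
# the certificate expires. $1 = "now" in epoch seconds (default: current time).
# Returns 2 when no certificate block is present, e.g. the connection was
# denied or the CA bundle could not verify the chain.
cert_days_left() {
  local now="${1:-$(date +%s)}" line expiry secs
  line=$(grep -m1 'expire date:') || return 2
  expiry=$(date -u -d "${line#*expire date: }" +%s) || return 2
  secs=$((expiry - now))
  if [ "$secs" -lt 0 ]; then
    echo $(( -((-secs + 86399) / 86400) ))   # floor for negative values
  else
    echo $((secs / 86400))
  fi
}

# Classify the certificate against a warning threshold in days ($1).
# Exit status: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
cert_status() {
  local warn="$1" now="${2:-$(date +%s)}" days
  days=$(cert_days_left "$now") || { echo "UNKNOWN no certificate seen"; return 3; }
  if [ "$days" -lt 0 ]; then
    echo "CRITICAL expired"; return 2
  elif [ "$days" -le "$warn" ]; then
    echo "WARNING ${days}d left"; return 1
  fi
  echo "OK ${days}d left"
}

# Live use against the SSL VPN portal (placeholder host and port):
#   curl -sv -o /dev/null --connect-timeout 10 https://vpn.example.com:10443/ 2>&1 \
#     | cert_status 30
```

An UNKNOWN result with curl exit code 60 points to the CA bundle on the checking host, which is the same condition tip 2 describes for N-Central.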
If the problem persists, contact Fortinet TAC for further assistance with issue investigation. |