ekrishnan
Staff
Article Id 258623
Description This article describes the change in behavior of the SSL VPN server certificate after upgrading the firmware from 6.4.x to 7.0.x.
Scope FortiGate.
Solution

Once the FortiGate is upgraded to version 7.0.1 or above, the previously used SSL VPN server certificate will not be visible in the SSL VPN settings, in either the GUI or the CLI.

 

- The certificate will appear under the System -> Certificates page, but it cannot be used for SSL VPN.

 

- When the issue is encountered, check whether the SSL VPN server certificate used on the previous version is a CA certificate.

 

- On the Certificates page under System -> Certificates, select the certificate that was used on the previous version (i.e., v6.4.x), and select Details to verify whether the CA flag is set.

 


 

- If the CA flag is set, this is a CA certificate. Previous versions allowed a CA certificate to be used as the SSL VPN server certificate, but since version 7.0.1 this is restricted: CA certificates are not allowed to be used. This is expected behavior.
