| Description | This article describes how to fix a connectivity issue where the correct private CA certificate is imported but connectivity still fails. |
| Scope | FortiGate. |
| Solution |
A sniffer capture on the FortiGate shows Alert (Level: Fatal, Description: Certificate Expired) even though the correct private CA certificate is imported.
The CA certificate imported into the FortiGate shows a valid expiry date.
Certificates can be exported from the packet capture by following this article: Technical Tip: Extracting certificates from SSL/TLS handshake packet capture
Verify the certificate presented by the server (Issued-To):
The validity period of the certificate presented by the server has expired, hence the connection fails. The certificate must be renewed to fix the issue.
Note: The connection works fine when LDAPS is enabled; however, when the certificate is enabled, the issue appears. This is due to the server integrity check, which is enabled by default when the certificate is enabled. |
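A triage sketch for the check described above, added here as an example and not taken from the Fortinet article: it reads the text printed by `openssl x509 -noout -subject -issuer -dates` for each certificate extracted from the capture and reports which one is outside its validity period. The sample output, names and dates are constructed, and the parser assumes `-subject` is printed first for each certificate.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample (not from the article): output of
#   openssl x509 -noout -subject -issuer -dates
# run on each extracted certificate, server certificate first, then the CA.
SAMPLE = """\
subject=CN = ldaps.example.test
issuer=CN = Example Private CA
notBefore=Jan 10 00:00:00 2023 GMT
notAfter=Jan 10 00:00:00 2024 GMT
subject=CN = Example Private CA
issuer=CN = Example Private CA
notBefore=Jan  1 00:00:00 2020 GMT
notAfter=Jan  1 00:00:00 2035 GMT
"""

def parse_chain(text):
    """Split the openssl output into one dict per certificate."""
    certs, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key.strip() == "subject" and current:  # next certificate starts
            certs.append(current)
            current = {}
        current[key.strip()] = value.strip()
    if current:
        certs.append(current)
    return certs

def triage(text, now=None):
    """Return (subject, role, status, notAfter) for every certificate."""
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    report = []
    for cert in parse_chain(text):
        # Self-signed entry = the CA; otherwise issued by another certificate.
        role = "CA" if cert["subject"] == cert["issuer"] else "issued"
        start = ssl.cert_time_to_seconds(cert["notBefore"])
        end = ssl.cert_time_to_seconds(cert["notAfter"])
        status = "expired" if now > end else "not yet valid" if now < start else "valid"
        report.append((cert["subject"], role, status, cert["notAfter"]))
    return report

if __name__ == "__main__":
    for subject, role, status, not_after in triage(SAMPLE):
        print(f"{status:13} {role:6} {subject} (notAfter {not_after})")
```

An `expired` line with role `issued` next to a `valid` line with role `CA` matches the situation in this article: the imported CA is fine and the server certificate is the one to renew.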