mle2802
Staff
Article Id 253231
Description This article explains an issue where a FortiGate certificate cannot be deleted because it's attached to a 'Web Proxy Global' reference that cannot be deleted. An explanation of how to delete the certificate is provided.
Scope Any supported version of FortiGate.
Solution

Upon attempting to delete a FortiGate certificate, an issue may occur where the certificate cannot be deleted because it is connected to a 'Web Proxy Global' reference. Additionally, there is no option to edit or delete the reference in question.


 

This setting selects the certificate that FortiGate uses to sign the block page in explicit proxy. It can only be changed through the CLI with the following commands:
 

# config web-proxy global

set ssl-cert "<certificate to delete>" <-- Change this to any other certificate

set ssl-ca-cert "<certificate to delete>" <-- Change this to any other certificate

end



Note: 'ssl-cert' is the SSL certificate for SSL interception, whereas 'ssl-ca-cert' is the SSL CA certificate for SSL interception.

After changing the setting to another certificate, use the following command to make sure there are no additional references:

 

# show full-configuration | grep 'certificate_name'
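
The grep above prints the matching lines but not the configuration section each one belongs to. The following Python script is an added example, not part of the original article or any Fortinet tooling: it runs the same check offline against a saved configuration backup and reports the section path and setting of every remaining reference. The sample configuration and the certificate name `Old_Cert` are constructed for illustration.

```python
import shlex

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config web-proxy global
    set ssl-cert "Old_Cert"
    set ssl-ca-cert "Fortinet_CA_SSL"
end
config firewall ssl-ssh-profile
    edit "custom-inspection"
        config https
            set ports 443
        end
        set server-cert "Old_Cert"
    next
end
config vpn certificate local
    edit "Old_Cert"
        set comments "to be removed"
    next
end
'''

def find_cert_references(config_text, cert_name):
    """Return (section path, setting) pairs whose 'set' value names cert_name."""
    stack = []  # currently open config/edit blocks, outermost first
    refs = []
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:
            continue  # first/last line of a multi-line quoted value (e.g. PEM data)
        if not tokens:
            continue
        keyword = tokens[0]
        if keyword in ("config", "edit"):
            stack.append(" ".join(tokens))
        elif keyword in ("end", "next"):
            if stack:
                stack.pop()  # 'end' closes a config block, 'next' closes an edit
        elif keyword == "set" and len(tokens) >= 3 and cert_name in tokens[2:]:
            refs.append((" / ".join(stack), tokens[1]))
    return refs

if __name__ == "__main__":
    for path, setting in find_cert_references(SAMPLE_CONFIG, "Old_Cert"):
        print(f"{path}: {setting}")
```

An empty result means no `set` line still names the certificate; the `edit` entry that defines the certificate itself is intentionally not counted as a reference.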



In the GUI, verify if there are any references for that certificate:


After making sure there are no references, delete the certificate from the GUI or use the following CLI commands:

 

# config vpn certificate ca | local | remote <-- Use the one of ca, local or remote that holds the certificate

delete 'certificate_name'

end

 

If the issue persists, contact Fortinet support.
