FortiGate
Article Id 193177

Description

 
This article describes how to troubleshoot certificate errors during authentication. When full SSL inspection is used, the browser can display a number of certificate errors when it notices that the certificate being used to encrypt the traffic is not the expected certificate. Some of these errors occur when user authentication is enabled and the FortiGate attempts to redirect traffic to the login page: the browser interprets the redirect as evidence that the connection is not private.

 

Scope 

 

FortiGate.


Solution

 

One error occurs when attempting to connect to a website that uses HTTP Strict Transport Security (HSTS). In this case, an error message that is impossible to override might appear:
 
 
If this message appears, the best thing to do is browse to a different site and re-attempt user authentication.  Once user credentials have been accepted by the FortiGate, users can access the website that was previously blocked (unless that site is blocked by web filtering).

Browsers sometimes recognize that authentication is required and will display a different HSTS error message that allows access to the login page:
 
 
If this error appears, the user has the option to open the login page and enter the user credentials.

Another error can occur when the common name of the certificate used for HTTPS encryption does not match the URL of the website:
 
 
If this message appears, the best thing to do is browse to a different site and re-attempt user authentication. Once user credentials have been accepted by the FortiGate, users can access the site that was previously blocked (unless that site is blocked by web filtering).
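The difference between the HSTS error and the name-mismatch error can be modelled with the checks a browser applies, shown here as an added Python example (not Fortinet code). The hostnames, the cached HSTS header and the certificate name `fortigate.example.internal` are constructed, and the variant where the browser detects the login portal and offers a link is not modelled.

```python
# Added example: models the browser-side checks behind the errors above.
# All hostnames, headers and certificate names are constructed.

def parse_hsts(header):
    """Parse a Strict-Transport-Security header value (RFC 6797)."""
    policy = {"max_age": 0, "include_subdomains": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            policy["max_age"] = int(value.strip().strip('"'))
        elif name.strip().lower() == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def hsts_applies(host, cache):
    """True if host, or a parent with includeSubDomains, has a live policy."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # stop before the bare TLD
        policy = cache.get(".".join(labels[i:]))
        if policy and policy["max_age"] > 0 and (i == 0 or policy["include_subdomains"]):
            return True
    return False

def name_matches(host, cert_name):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host, cert_name = host.lower().rstrip("."), cert_name.lower().rstrip(".")
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name

def predict(host, cert_names, cert_trusted, cache):
    """Classify what the browser shows for the certificate it was handed."""
    name_ok = any(name_matches(host, n) for n in cert_names)
    if name_ok and cert_trusted:
        return "no-error"
    if hsts_applies(host, cache):
        return "hsts-no-override"     # HSTS removes the click-through option
    return "untrusted-issuer" if name_ok else "name-mismatch"

# Constructed state: the browser cached this policy on an earlier visit.
HSTS_CACHE = {"example.com": parse_hsts("max-age=31536000; includeSubDomains")}
# Hypothetical name on the certificate presented with the login redirect.
PORTAL_CERT = ["fortigate.example.internal"]

if __name__ == "__main__":
    for h in ("www.example.com", "intranet.example.org"):
        print(h, "->", predict(h, PORTAL_CERT, False, HSTS_CACHE))
```

A result of `hsts-no-override` corresponds to the case where the only way forward is to start authentication from a different site, as described above.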


For more information on how FortiGate interacts with certificates and how to troubleshoot possible issues with them, see Troubleshooting Tip: A guide to FortiGate and certificate issues.