Description
This article describes how to resolve situations where DigiCert certificates receive a 'certificate expired' warning.
Scope
FortiGate.
Solution
Since March 8, 2023, DigiCert has been moving the default public issuance of TLS/SSL certificates to the new public second-generation (G2) root and intermediate CA (ICA) certificate hierarchies. The G1 root CA and intermediate CA currently in use will be distrusted by Mozilla on April 15, 2026. This will interrupt FortiGate's connection with FortiGate Cloud (and FDN) in the future.
Issue symptoms:
4031 continue the cert failure to get replace msg
To fix the issue, use the following commands:
fnsysctl killall fnbamd
diagnose test application wad 99
execute update-now
For more details regarding the certificate, see this DigiCert knowledge base article.
Additionally, consider putting the profile in Flow mode to further verify that it is working.
Copyright 2024 Fortinet, Inc. All Rights Reserved.