fwilliams
Staff & Editor
Article Id 258262
Description

This article discusses what can make an SSL VPN certificate become unavailable or invalid after upgrading to 7.0.1 GA and above.

Scope

FortiOS 7.0.1 and above.
Solution

After upgrading a device from v6.x to v7.0.1 or above, the SSL VPN certificate is no longer available for selection under 'config vpn ssl settings'. The certificate was available before the upgrade, and it is still listed in the GUI under System -> Certificates -> Local Certificate.

 

In the CLI, for example, the certificate is not listed among the available certificates:

 

config vpn ssl settings

(settings) # set servercert ?

Available    Certificates:   <----- List of available certificates.

Fortinet_Factory        local  

Fortinet_GUI_Server     local

 

If this happens, the certificate used for SSL VPN on 6.x (6.0.x, 6.2.x, and 6.4.x) is a CA certificate and not a 'server certificate'.

'Double-click' on the certificate, and CA:TRUE will appear, which means it is a CA certificate and can no longer be used as a 'server certificate' for SSL VPN starting from 7.0.1 GA.

 

It will be necessary to replace the certificate with a server certificate.
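
The same CA:TRUE check can be run before the upgrade on a certificate exported to PEM. The script below is an added example, not part of the original article or Fortinet tooling; it uses the openssl CLI, and the function names, file names and the self-signed sample certificates it generates at runtime are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an exported certificate for CA:TRUE before upgrading.

# is_ca_cert FILE: 0 = CA:TRUE, 1 = not a CA, 2 = file is not a parsable cert.
is_ca_cert() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# sslvpn_verdict FILE: prints replace / ok / unreadable.
sslvpn_verdict() {
    if is_ca_cert "$1"; then
        echo "replace"      # CA certificate: not selectable as servercert on 7.0.1+
    elif [ $? -eq 1 ]; then
        echo "ok"           # CA:FALSE or no basicConstraints: server certificate
    else
        echo "unreadable"   # openssl could not parse the file
    fi
}

# make_sample_cert OUT CONSTRAINTS: constructed self-signed test certificate.
make_sample_cert() {
    dir=$(mktemp -d)
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = vpn.example.test
[ext]
basicConstraints = $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$1" 2>/dev/null
    rm -rf "$dir"
}

# Demo on two constructed certificates (hypothetical names).
work=$(mktemp -d)
make_sample_cert "$work/ca_style.pem" "critical,CA:TRUE"
make_sample_cert "$work/server.pem" "CA:FALSE"
for f in "$work/ca_style.pem" "$work/server.pem"; do
    echo "$(basename "$f"): $(sslvpn_verdict "$f")"
done
```

For a certificate exported from the FortiGate, run `sslvpn_verdict` on the PEM file; a result of `replace` corresponds to the CA:TRUE case described above.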
