Troubleshooting Tip: Reasons for the error 'sslvpn_login_cert_checked_error' when connecting via FortiClient

Umer221 · ‎12-27-2023

Description

This article describes how to troubleshoot an issue where users receive the error 'sslvpn_login_cert_checked_error' when connecting via FortiClient due to different reasons.

Scope

FortiOS, FortiGate, SSL VPN.

Solution

Case 1:

Users cannot connect to SSL VPN where an error is observed after running the following debugs:

diagnose deb res

dia deb dis

dia debug application sslvpn -1
dia debug console timestamp enable

dia debug enable

Verify that 'Require Client Certificate' is already disabled but the error persists. See this article Troubleshooting Tip: Failure to connect via SSL VPN with 'Credential or SSLVPN configuration is wron... for the troubleshooting steps.
Look for the entry 'set ztna-trusted-client enable' by running commands as shown in the following photo:

config vpn ssl settings

If 'set ztna-trusted-client enable' is observed in SSL-VPN Settings, unset it by running the following command:

config vpn ssl settings
unset ztna-trusted-client

end

Case 2:

Check whether TLS settings in the user machine and FortiGate are similar to each other or not. If it is not the same then it is possible to make changes to TLS for SSL VPN in FortiGate as shown below: