Troubleshooting Tip: How to resolve certificate ve...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 422300

Description

This article describes how to resolve the following error:

'Failed to verify the certificate for server "EMS 1 - ems"'. The server certificate cannot be authenticated with the installed CA certificates. Please install its CA certificates on this FortiGate.

Scope

FortiGate, FortiClient EMS.

Solution

The 'Failed to verify the certificate for server 'EMS 1 - ems' error means the device doesn't trust the server's security certificate, often due to missing root CAs, expired certs, time sync issues, or incorrect server config.

But the following error is observed in the GUI, despite the intermediate and root certificates already being present in FortiGate.

The wildcard certificate is being used in EMS, under the Web server Certificate in EMS Settings. Go to the URL of EMS server and check which root and intermediate certificates are in use.

In FortiGate, Intermediate and root certificates are found under the Remote CA section in System -> Certificates.

To resolve the issue, follow the steps below:

Delete the intermediate and root certificates in FortiGate.
Open them with Notepad and add them together in a fil,e and write the file name cert.pem.
Upload this bundle file to FortiGate in System -> Certificates.
Select 'Authorize' in FortiGate. The certificate should appear: select accept.

214

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Troubleshooting Tip: How to resolve certificate verification error when FortiGate connects to EMS

You are leaving our website