Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jfelix09
Staff
Staff

Created on ‎10-08-2024 09:31 PM

Article Id 347953

Troubleshooting Tip: Not possible to save admin-server-cert settings with HTTPS server certificate

Description This article describes a problem when attempting to save the system settings with an HTTPS server certificate.
Scope FortiGate v7.6.0.
Solution

A new SSL certificate was imported under FortiGate GUI -> System > Certificates, and it is shown as valid. However, it is not possible to save the system settings under FortiGate GUI -> System -> Settings with the new HTTPS server certificate.

 

2024-10-08 17_57_27-system-certificate-valid.png

 

An error message is displayed in FortiGate GUI: 'Administration settings failed to save: Input value is invalid'.

 

2024-10-08 17_58_18-GUI-error.png

 

The new certificate is present under System -> Settings -> HTTPS Server Certificate. However, by checking the certificate via CLI, the certificate is not available to be used (the last entry should show the <certificate-name>).

2024-10-08 17_54_12-admin-server-cert.png

 

config system global

    set admin-server-cert ?

Available Certificates:
self-sign local
Fortinet_Factory local
Fortinet_Factory_Backup local
Fortinet_GUI_Server local

 

To be possible to save the HTTPS server certificate settings, open the CLI and display the full configuration for the affected certificate:

 

config vpn certificate local

edit <certificate-name>

show full

 

Copy all the content of the CLI certificate configuration, as shown in the example below:

config vpn certificate local
   edit "certificate-name"
      set password ENC [ommited]
      set comments ''
      set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
      [ommited]
      -----END ENCRYPTED PRIVATE KEY-----"
      set certificate "-----BEGIN CERTIFICATE-----
      [ommited]
      -----END CERTIFICATE-----"
      set range global
      set source user
      set source-ip 0.0.0.0
      set ike-localid-type asn1dn
      set enroll-protocol none
   next
end

Delete the new certificate under System -> Certificate, select the certificate, and select Delete. To re-import the certificate, paste the previously copied certificate commands into a new CLI window.

 

The SSL certificate should now be accessible as the HTTPS server certificate.

config system global

    set admin-server-cert ?

Available Certificates:
self-sign local
Fortinet_Factory local
Fortinet_Factory_Backup local
Fortinet_GUI_Server local

<certificate-name> local
154
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.