FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
scitlak
Staff
Article Id 390388
Description This article describes how to troubleshoot and fix Apache service failures caused by a weak certificate signature algorithm or other unmet certificate requirements.
Scope FortiNAC-F, FortiNAC.
Solution

FortiNAC uses the Apache service for the portal, and Apache relies on the OpenSSL configuration for its certificate requirements. FortiNAC includes OpenSSL 3.0, which defines multiple security levels. Currently, FortiNAC uses OpenSSL Security Level 1. The OpenSSL 3.0 Security Level 1 requirements can be found in the document below.

OpenSSL 3.0 Security Level Descriptions 

If the certificate in use by the Portal/Apache does not meet the requirements described in the OpenSSL document above, the FortiNAC Apache service fails and logs the following error messages.

[Sat May 03 10:58:48.010772 2025] [ssl:emerg] [pid 170240:tid 140000143325056] AH02562: Failed to configure certificate localhost:443:0 (with chain), check /bsc/siteConfiguration/apache_ssl/server.crt
[Sat May 03 10:58:48.010794 2025] [ssl:emerg] [pid 170240:tid 140000143325056] SSL Library Error: error:0A00018E:SSL routines::ca md too weak

 

In this example, the FortiNAC Portal certificate has a signature algorithm of SHA1.

[Screenshot: certificate details showing the SHA1 signature algorithm]

In this example, the FortiNAC portal certificate should be replaced with a new one that has a signature algorithm of SHA224 or higher, since SHA1 is forbidden in OpenSSL Security Level 1. In addition to the Signature Algorithm, the certificate should fulfill the other requirements that are already described in the OpenSSL documentation.
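
A pre-install check for a replacement certificate, as an added example that is not part of the original article or Fortinet tooling: it reads the signature algorithm and key size from `openssl x509 -text` output and compares them with the Security Level 1 minimums. The function names and the sample text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Fortinet code; function names are illustrative. Thresholds follow
# OpenSSL 3.0 Security Level 1: no MD5/SHA1 signatures, RSA/DSA >= 1024 bits, ECC >= 160.

# Verdict for a signature algorithm name as printed by `openssl x509 -text`.
sigalg_verdict() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *md5*|*sha1*) echo WEAK ;;
        *sha224*|*sha256*|*sha384*|*sha512*|*sha3-*|ed25519|ed448) echo OK ;;
        *) echo UNKNOWN ;;   # e.g. rsassaPss: inspect its hash parameters by hand
    esac
}

# Verdict for a key: $1 = "Public Key Algorithm" value, $2 = size in bits.
key_verdict() {
    local min
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *rsa*|*dsa*)   min=1024 ;;
        *ecpublickey*) min=160 ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    if [ "${2:-0}" -ge "$min" ]; then echo OK; else echo WEAK; fi
}

# Read the text form of one certificate on stdin, print a one-line report,
# and return 0 only when both the signature and the key pass.
evaluate_cert_text() {
    local text sig alg bits sv kv
    text=$(cat)
    sig=$(printf '%s\n' "$text" | awk '/Signature Algorithm:/ {print $3; exit}')
    alg=$(printf '%s\n' "$text" | awk '/Public Key Algorithm:/ {print $4; exit}')
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    sv=$(sigalg_verdict "$sig"); kv=$(key_verdict "$alg" "$bits")
    echo "signature=${sig:-?} [$sv] key=${alg:-?} ${bits:-?} bit [$kv]"
    [ "$sv" = OK ] && [ "$kv" = OK ]
}

# Check the first certificate in a PEM file, such as the one named in AH02562.
check_cert_file() {
    openssl x509 -in "$1" -noout -text | evaluate_cert_text
}

# Constructed sample (trimmed `openssl x509 -text` output), used when no file is given.
SAMPLE='        Signature Algorithm: sha1WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)'

if [ "$#" -gt 0 ]; then check_cert_file "$1"; else printf '%s\n' "$SAMPLE" | evaluate_cert_text || true; fi
```

Only the first certificate in the file is inspected, so any intermediate certificates supplied as the chain need the same check run on them individually.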