Troubleshooting Tip: Persistent Agent 'check_cert_chain error' log entry description

cmaheu · ‎11-06-2025

Description

This article describes the Persistent Agent log message 'check_cert_chain error' and the possible values.

The message is printed in the log during the agent connection with FortiNAC.

Log example:

2025-11-04 12:10:46 UTC :: peer CommonName = myfortiNAC.com
2025-11-04 12:10:46 UTC :: SAN: myfortiNAC.com
2025-11-04 12:10:46 UTC :: SAN: myfortiNAC
2025-11-04 12:10:46 UTC :: Checking Peer name myfortiNAC.com against Common or Subject-alternative-name entry myfortiNAC.com
2025-11-04 12:10:46 UTC :: Peer name "myfortiNAC.com" matches "myfortiNAC.com"
2025-11-04 12:10:46 UTC :: check_cert_chain error is 3
2025-11-04 12:10:46 UTC :: SslStreamTransport::sslSendThread calling take()
2025-11-04 12:10:46 UTC :: Sent Conn-Request

Scope

FortiNAC Persistent Agent versions 9.x, FortiNAC-F 7.x.

Solution

Value	Description
0	Self-signed (Cert_SelfSignedError) The cert is self-signed
1	Name mismatch (Cert_MismatchError) No name in the cert matches the server name used to connect.
2	Verify Error (Cert_VerifyError) Verification failed for any other reason.
3	Success (Cert_Success) The cert was verified and trusted. This is the normal message seen when communication is successful.

Related articles:
Technical Tip: Windows Persistent Agent logs

Technical Tip: macOS Persistent Agent logs

Technical Tip: Linux Persistent Agent Logs

Technical Tip: Persistent Agent fails to communicate with 'SSL_get_verify_result' log entry

Troubleshooting Tip: Troubleshooting the Persistent Agent

Troubleshooting Tip: Connection issues with the Fortinet Persistent Agent

Troubleshooting Tip: Persistent Agent 'check_cert_chain error' log entry description

You are leaving our website