FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
cmaheu
Staff
Article Id 405587
Description

This article describes behavior where SSL certificates installed for the following are missing after an upgrade to FortiNAC-F 7.6.3:

  • Any 'Local RADIUS Server (EAP)' Certificate Target (both Server Certificates and Trusted Certificates)
  • Any 'Remote API' Server Certificate Target. This affects Service Connectors configured for certificate-based authentication, such as Microsoft Intune.

 

To view the certificate targets in use for Server Certificates and Trusted Certificates, navigate to System -> Certificate Management.

 

Important: This behavior affects client connectivity.

Scope

FortiNAC-F 7.6.3.
Solution

To be addressed in the next release.

 

Workaround:

 

Certificates and their Private Keys must be re-installed post upgrade.

 

Before Upgrade: 

  • Server Certificates: Ensure the Private Key and Server Certificate files are available for re-install for all Certificate Targets.
  • Trusted Certificates: Ensure the root certificate files used for the Certificate Targets are available for re-install.

 

Server Certificates:

  • FortiNAC's Server Certificate for the Admin UI Certificate Target can be exported via browser. If this certificate was copied to other targets (Portal, Persistent Agent, etc.), it can be used for those as well.
  • For all other Certificate Targets, ensure Private Key and Certificate files are available. 

Exporting FortiNAC Server Certificate Admin UI Target (Example using Firefox Browser).

  1. Access the FortiNAC Admin UI by browsing to https://<appliance-name>:8443
  2. Select the padlock or 'i' icon next to the URL.
  3. Select the > next to the hostname.
  4. Select More Information.
  5. Under the Details tab, select Export.
  6. Save the certificate in PEM format for external use and give it a name. For example: server-CA.crt.

Export the Private Key from the FortiNAC GUI

  1. Navigate to System -> Certificate Management 
  2. Select Admin UI Certificate Target
  3. Then select Details -> Private Key
  4. Copy the whole text including the top and bottom headers.
  5. Open a new text file in a text editor (Notepad or Notepad++).
  6. Paste the private key text previously copied.
  7. Save the file with the name Private.key.
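
The two exported files can be checked before the upgrade. The following is an added example, not part of the original Fortinet article: it confirms that Private.key parses, that it belongs to server-CA.crt, and that the certificate has not expired. It assumes OpenSSL is installed on the workstation and that the key is an unencrypted PEM file; check_pair is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not Fortinet code): pre-upgrade check of the exported files.
# Assumes OpenSSL on the workstation and an unencrypted PEM private key.
# check_pair is a hypothetical helper name.
# Usage: check_pair server-CA.crt Private.key
# Returns: 0 = usable pair, 1 = key does not match certificate,
#          2 = a file cannot be parsed, 3 = certificate already expired.
check_pair() {
    cert=$1
    key=$2

    # A paste that lost its BEGIN/END header lines fails to parse here.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2
        return 2
    }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key" >&2
        return 2
    }

    # The key file is a secret: restrict it to the current user.
    chmod 600 "$key"

    # Same public key in both files means the key belongs to the certificate.
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2
        return 3
    fi

    echo "OK: $key matches $cert"
    openssl x509 -in "$cert" -noout -subject -enddate
}
```

Run it once per Certificate Target whose files were saved, and keep the key file off shared folders until it has been re-installed.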

 

After upgrading, re-import the certificates. Proceed to the certificate import instructions below.

 

Certificates and keys not available:

 

If these files are not available, they will need to be re-issued and re-installed.

  1. Re-generate the CSR (Certificate Signing Request).
  2. Submit the CSR to be signed by a CA (Certificate Authority).
  3. Store the files to have ready to re-install after the upgrade.

For instructions, see Installing SSL Certificates - FortiNAC-F documentation.

 

Re-install Certificates After Upgrade:


Server Certificates: Upload and install the certificate post upgrade. For instructions, see Installing SSL Certificates.

Trusted Certificates: Re-upload the root certificate files to the applicable Certificate Targets. For instructions, see Trusted Certificates - FortiNAC-F administration guide.
