Fixed in version F7.6.5.

However, if already running either version F7.6.3 or F7.6.4, then one of the following workarounds must be performed to recover the certificates for the Secondary Server post upgrade.

Workaround Option 1: Post upgrade, install new certificates to the Alias for the Secondary.

Workaround Option 2: Copy the existing Secondary certificate to a temporary alias and re-copy to the original alias post upgrade.

Option 2 Procedure:

Example values:

Alias for Secondary Server certificate to be preserved: LOCAL.

Primary Hostname: fnac01.nacqa.test.

Secondary Hostname: fnac02.nacqa.test.

1. Before the upgrade, create a temporary alias on the primary.

1. Go to System -> Certificate Management.
2. Select Generate CSR.
3. Configure using the table below.
4. Select OK.
5. When the Result window appears, select Close. There is no need to restart the service.

2. Copy the Secondary certificates to be preserved to the temporary alias.

1. Highlight the Secondary server certificate alias and select Copy Certificate.
2. Copy the secondary certificate to the TEMP alias. Use the table below.
3. Select OK.
4. When the Result window appears, select Close. There is no need to restart the service.

3. Upgrade FortiNAC.

    

4. After the upgrade, create a new alias with the same name as the original alias for the secondary.

1. Go to System -> Certificate Management.
2. Select Generate CSR.
3. Configure using the table below.
4. Select OK.
5. When the Result window appears, select Close. There is no need to restart the service.

5. Copy the certificate from the TEMP alias to the original Alias for Secondary.

1. Go to System -> Certificate Management.
2. Highlight the TEMP alias and select Copy Certificate.
3. Configure using the table below.
4. Select OK.
5. When the Result window appears, select Close. There is no need to restart the service.
   
   

The procedure is complete. TEMP alias can be deleted, if desired.