Troubleshooting Tip: Unable to update SSL Certific...

FortiNAC-F

FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.

Article Id 420014

Description

This article describes a workaround to update the certificate in FortiNAC-F v7.6.3 or v7.6.4 when NACOS is in High Availability.

Scope

FortiNAC-F v7.6.3, v7.6.4.

Solution

In some deployments, there are cases in FortiNAC v7.6.3 and 7.6.4 where SSL Certificates of either or both of the nodes are not updated in actual, even though it appears updated in the GUI under System -> Certificates.
In such cases, FortiNAC presents the same old self-signed certificate that comes pre-installed. Below are some screenshots:

Certificates appear as updated in System -> Certificates:

2025-11-21 17_44_45-11300358.mp4 - VLC media player.png

However, FortiNAC is still presenting a self-signed certificate when the Admin UI is opened.

Also, when checking via CLI, certificates are not updated, and a self-signed certificate is presented, for example:

2025-11-21 17_46_42-11300358.mp4 - VLC media player.png

2025-11-21 17_48_13-11300358.mp4 - VLC media player.png

Solution:

To update the certificate:

Remove high availability configuration.
Update certificates on each node individually.
Re-create high availability.

This behavior will be addressed in FortiNAC v7.6.5.

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Troubleshooting Tip: Unable to update SSL Certificate on FortiNAC v7.6.3 or v7.6.4 in HA mode

You are leaving our website