FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
arivet-AMER-FNAC-TAC
Article Id 317128
Description This article describes steps to install a root certificate on Linux, which solves cases where the persistent agent may fail to communicate with FortiNAC when the root issuer is untrusted.
Scope FortiNAC 8.X, 9.X, 7.X.
Solution

Install the root certificate to the trust store.

  1. Obtain the root certificate.

Download the certificate from the portal page, or ask someone who already has it to provide a copy, and place it on the Linux host. In this example, the file is named root.cer and is saved in the Desktop directory.

  2. Convert to PEM format if not done already.

sudo openssl x509 -inform der -outform pem -in root.cer -out supportlab.crt

[Screenshot: example DER certificate, which will not work.]

[Screenshot: example of a suitable PEM certificate after conversion.]

  3. Copy the certificate to the Trusted Certificates Store.

sudo cp supportlab.crt /usr/local/share/ca-certificates/

  4. Update the Certificate Store.

sudo update-ca-certificates

  5. Restart the persistent agent.

sudo service bndaemon restart
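
A pre-install check for the convert and copy steps above, as an added example that is not part of the original article or Fortinet's tooling: it detects whether the downloaded file is DER or PEM, converts only when needed, and prints the SHA-256 fingerprint so it can be compared with a value obtained out of band before the root is trusted. The function names and the script name precheck.sh are hypothetical; root.cer and supportlab.crt are the article's file names.

```shell
#!/bin/sh
# Added example: pre-install checks for steps 2-3. Function names are hypothetical.

# Classify a certificate file as "pem", "der" or "unknown" without openssl.
cert_encoding() {
    f=$1
    [ -s "$f" ] || { echo unknown; return 0; }
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
        echo pem
    elif [ "$(od -An -tx1 -N1 "$f" | tr -d ' \n')" = "30" ]; then
        echo der        # DER starts with an ASN.1 SEQUENCE tag (0x30)
    else
        echo unknown
    fi
}

# Write a PEM copy named *.crt; update-ca-certificates only picks up
# PEM files with a .crt extension under /usr/local/share/ca-certificates/.
to_pem_crt() {
    src=$1 dst=$2
    case "$dst" in *.crt) ;; *) echo "output must end in .crt" >&2; return 2 ;; esac
    case "$(cert_encoding "$src")" in
        pem) openssl x509 -in "$src" -out "$dst" ;;
        der) openssl x509 -inform der -in "$src" -outform pem -out "$dst" ;;
        *)   echo "$src: not a PEM or DER certificate" >&2; return 1 ;;
    esac
}

# Print identity and SHA-256 fingerprint for comparison with a value obtained
# out of band, then require CA:TRUE (assumes the root carries basicConstraints).
show_and_check_ca() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256 || return 1
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Usage: sh precheck.sh root.cer supportlab.crt   (file names from the article)
if [ "$#" -eq 2 ]; then
    to_pem_crt "$1" "$2" && show_and_check_ca "$2" || exit 1
fi
```

Continue with the copy step only if the printed fingerprint matches the one supplied by whoever administers the FortiNAC certificate.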


See the Ubuntu documentation for more information about installing a root CA certificate in the trust store.

Related article:
Persistent Agent Communication Failure with SSL codes