Description
This article describes the various 'SSL_get_verify_result' error code values found in the Persistent Agent log "general.txt" and probable causes.
The file location:
Windows: C:\ProgramData\Bradford Networks\general.txt
Scope
FortiNAC
Solution
Symptom: Persistent Agent is not communicating (unable to scan, receive messages, etc).
Retrieve the agent debug logs from one of the affected machines. For instructions, refer to the KB articles below.
The following entry is found in general.txt log:
SSL_get_verify_result = 20 - Appliance is missing or has incorrect intermediate certificates installed
SSL_get_verify_result = 19 - End stations is missing root certificate
SSL_get_verify_result = 10 - Certificate has expired
SSL_get_verify_result = 18 - Self-signed certificate in use
SSL_get_verify_result = 0 - Success
The messages apart from success in detail:
SSL_get_verify_result = 20
Verify intermediate certificates on the appliance. See KB article
SSL_get_verify_result = 19
Verify root certificates on the end station. See KB article
https://community.fortinet.com/t5/FortiNAC/Technical-Note-Verify-Trusted-Certificate-Authorities-on-...
SSL_get_verify_result = 10
Verify certification expiration by navigating to System > Settings > Security > Certificate Management in the UI.
If expired, renew the certificate. See section Renew a Certificate in the SSL Certificates reference manual.
Related Articles
Technical Note: Troubleshooting the Persistent Agent
