Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff

Created on ‎09-28-2018 04:03 AM Edited on ‎11-11-2024 09:43 PM By Community Manager

Article Id 190040

Technical Tip: Persistent Agents not communicating after installing new SSL certificate

Description


This article describes an issue when FortiNAC can not scan or send messages to Persistent Agents after a new SSL certificate has been installed.

 

Scope

 

FortiNAC, Persistent Agent.


Solution

 

Unless security has been disabled on the agents, communication between the agents and NAC starts with an SSL handshake. This requires NAC to be secured with an SSL Certificate.  If the newly installed certificate does not have all the intermediate and root certificates included, the Persistent Agent will not be able to validate the authenticity of the connection and will fail to communicate.


Ensure the following:

  1. All intermediate and root certificates have been installed.  Refer to the related KB article below.
  2. Verify the affected hosts have the appropriate root certificate installed.  For instructions, refer to the related KB article below.

 

Related articles:

Technical Note: Identify missing SSL certificates via administration UI

Technical Note: Verify Trusted Certificate Authorities on Windows or Mac OSX

Labels:
2867
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.