Troubleshooting Tip: Error when updating Portal SSL mode or portal SSL certificate

cmaheu · ‎05-11-2022

Description

This article discusses the behavior where an error is generated in UI when applying SSL certificate to the captive portal or changing the Portal SSL mode.

This can occur if the appliance is unable to establish SSH communication to itself. The appliance establishes an SSH session to restart the apache service.

Scope

Version: 8.x and 9.x.

Solution

Single appliance: Verify appliance can SSH to itself without being prompted to enter a password.

Login to CLI as root and type:

ssh <appliance's eth0 IP address>

Separate Control and Application servers: Verify Control Server can SSH to the Application Server without being prompted to enter a password.

Login to Control Server CLI as root and type:

ssh <Application Server's eth0 IP address>

Example of a successful session for a single appliance (where myfnac IP address is 10.12.242.16)

root@myfnac:~
> ssh 10.12.242.16
Last login: Wed May 11 11:16:34 2022 from myfnac.mycompany.com

*************************************************************************
Recognized platform: Linux
Distribution: CentOS Linux release 7.9.2009 (Core)
OS Kernel: 3.10.0-1160.53.1.el7.x86_64
Home directory: /root
Terminal type: xterm

Product Type: NetworkControlApplicationServer
Appliance Type: FortiNAC FNVMCA
Version: 9.1.6.0162 (GA)
Build Date: Wed 13-Apr-2022
*************************************************************************

FortiNAC FNVMCA
root@myfnac:~
>

If prompted for password see related KB article Configure SSH keys.