NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
This article describes a scenario where the Persistent Agent on a MacOS device is unable to communicate with FortiNAC, and agent logs show the following error:
SSL_get_verify_result = 14 SSL Certificate verification result: unable to get local issuer certificate
Scope
All FortiNAC, MacOS versions
Solution
Though this error refers to a specific OpenSSL error code 14 - 'the certificate notAfter field contains an invalid time' - this may be misleading.
Pay attention to the error code output 'SSL Certificate verification result: unable to get local issuer certificate'. Ensure that the full cert chain is installed on both the client and the FortiNAC server in the Persistent Agent target. Most importantly, the intermediate root certificate(s), which must be installed on FortiNAC, if the chain uses any.
