Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
scitlak
Staff
Staff

Created on ‎12-18-2023 01:21 AM Edited on ‎03-12-2025 06:09 AM By Moderator

Article Id 289774

Troubleshooting Tip: Persistent Agent Macintosh TLS Handshake Issue

Description

This article describes why in some cases, even though a local Root Certificate has been imported in Keychain and marked as 'Always Trusted', MacOS may consider this Root Certificate as untrusted. As a result, the TLS Handshake between Persistent Agent and FortiNAC may not be established.

 

In this case, even though a local Root Certificate has been imported in Keychain and marked as 'Always Trusted', it would be possible to see the following in Persistent Agent logs:


SSL_get_verify_result = 19
...
...
...

Checking Peer name fortinac.lab.local against Common or Subject-alternative-name entry fortinac.lab.local
Peer name "fortinac.lab.local" matches "fortinac.lab.local"
Refusing to connect to trust_DISTRUSTED fortinac.lab.local|fortinac.lab.local|6f:b5:1a:98:96:81:e7:49:e9:2f:b9:d2:7e:91:ff:ab:90:d2:9a:8a
Connection failed! 1
Scope FortiNAC v9.x.y, and FortiNAC-F v7.x.y.
Solution
  1. Update the Persistent Agent to the latest version.
  2. In affected MACOS, copy the root Certificate under directory /users/admin.
  3. Execute the below command on MACOS CLI to import the root Certificate as trusted:

 

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/your-root-ca-name.cer

 

  1. After, restart the Persistent Agent by using the following commands:

 

sudo launchctl unload /Library/LaunchDaemons/com.bradfordnetworks.agent.plist
sudo launchctl load /Library/LaunchDaemons/com.bradfordnetworks.agent.plist

 

Related articles:
1016
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.