Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
koolishami
Staff
Staff

Created on ‎01-23-2026 02:16 AM

Article Id 427848

Troubleshooting Tip: Resolving 'Invalid License' error due to SSL configuration issues in FortiSIEM

Description This article describes the steps to resolve the 'Invalid License' error due to SSL connection issues in FortiSIEM. The error occurs when there are SSL configuration issues.
Scope FortiSIEM v7.x+.
Solution

To resolve the 'Invalid License' error and SSL connection issues in FortiSIEM, follow these steps:

  1. Verify that the license file is properly uploaded to the FortiSIEM server. Ensure that the license file is not corrupted and is in the correct format.
  2. Check the SSL configuration on the FortiSIEM server. Ensure that the SSL certificates are properly installed and configured.
  3. Try restarting the FortiSIEM services and check if the issue persists.
  4. If the issue persists, change the internal SSL configuration to the default: 
  1. From both Supervisor and Worker nodes, run the following against each other:

 

openssl s_client -connect <IP>:7900 -showcerts

 

  1. If an outdated certificate is presented, inspect:


/opt/phoenix/config/phoenix_config.txt

 

  1. Verify that the following parameters do not reference outdated certificates:


notification_client_cert_file
notification_client_key_file
notification_server_cert_file
notification_server_key_file

 

  1. Update these parameters to match the default certificate paths used in the environment (no value means empty):


notification_client_cert_file=
notification_client_key_file=
notification_server_cert_file=/etc/pki/tls/certs/localhost.crt
notification_server_key_file=/etc/pki/tls/private/localhost.key

 

  1. Remove deprecated CA references:

  1. If SSL errors such as the following persist:

     

certificate verify failed

tlsv1 alert unknown ca

 

  1. Check and clear the following parameters if they reference deprecated CA bundles:


notification_server_ca_file
notification_server_ca_dir

 

  1. Revert /etc/httpd/conf.d/ssl.conf to the default configuration as seen below:


SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

 

  1. Restart and validate:

  1. Restart FortiSIEM services on all nodes.

  2. Re-run the openssl s_client test to confirm:

    1. The correct certificate is presented.

    2. SSL handshakes are completed successfully.

    3. Supervisor and Worker nodes communicate normally.

 

In addition to these steps, it is also recommended to check the FortiSIEM logs (/opt/phoenix/log/phoenix.log) for any error messages related to the license or SSL configuration. This can help identify the root cause of the issue and provide more detailed information for troubleshooting.
41
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.