simonz_FTNT (Staff)
Created on 04-30-2015 02:44 AM
Edited on 08-01-2024 04:29 AM by Stephen_G
Article Id 195424
Description
This article describes how broken SSL/TLS certificate chains from missing intermediates can cause trust errors and offers solutions.
Scope
All models of FortiWeb.
Solution
Users may receive one of the following browser trust errors or prompts:
- 'Not Secure'
- 'Your connection is not private'
This is a known issue that occurs with certificates on mobile phone devices where the browser cannot locate the intermediate CA and will instead show an error message.
To resolve the issue, download the intermediate CA file from a certificate authority such as DigiCert.com or godaddy.com, then import it into FortiWeb by following the steps below:
- Go to Server Objects -> Certificates -> Intermediate CA.
- Select 'Import', then 'Local PC', and choose the intermediate certificate file.
- Select 'OK' to save it. Afterwards, the certificate should be displayed, as shown in the following screenshot:
- Select 'Intermediate CA Group' and then 'Create New' to create a new group or edit the existing group that would be used in the server policy.
- Provide the 'Intermediate CA Group' name and select 'OK' to save:
- Next, select 'Create New' to add 'Inter_Cert_1' into the group.
- Finally, select the Intermediate CA group in the server policy under Policy -> Server Policy. Edit the policy and choose the 'Certificate Intermediate Group' that was created earlier.
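One way to confirm from the client side that the intermediate is now being served, as an added example that is not part of the original article or any Fortinet tooling: the script reads the 'Certificate chain' section printed by `openssl s_client -connect <host>:443 -showcerts` and reports whether only the leaf certificate was sent. The sample outputs and the example.com and Example CA names are constructed.

```python
import re

# Constructed sample: chain section of `openssl s_client -showcerts` output
# from a server that sends only its leaf certificate.
LEAF_ONLY = """Certificate chain
 0 s:CN = www.example.com
   i:C = US, O = Example CA, CN = Example Intermediate CA
---
"""
# Constructed sample: the same server once the intermediate is also sent.
WITH_INTERMEDIATE = """Certificate chain
 0 s:CN = www.example.com
   i:C = US, O = Example CA, CN = Example Intermediate CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
 1 s:C = US, O = Example CA, CN = Example Intermediate CA
   i:C = US, O = Example CA, CN = Example Root CA
---
"""
SUBJECT = re.compile(r"^\s*\d+\s+s:(.*)$")
ISSUER = re.compile(r"^\s+i:(.*)$")

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject, in_chain = [], None, False
    for line in text.splitlines():
        if line.strip() == "Certificate chain":
            in_chain = True
        elif not in_chain:
            continue
        elif line.strip() == "---":  # end of the chain section
            break
        elif m := SUBJECT.match(line):
            subject = m.group(1).strip()
        elif subject is not None and (m := ISSUER.match(line)):
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def check_chain(text):
    """Classify the served chain: ok, incomplete, broken, or no certificates."""
    chain = parse_chain(text)
    if not chain:
        return "no certificates found"
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:  # certificates out of order or unrelated
            return f"broken: next certificate sent is not '{issuer}'"
    subject, issuer = chain[-1]
    if len(chain) == 1 and subject != issuer:
        return f"incomplete: only the leaf was sent, missing '{issuer}'"
    return f"ok: {len(chain)} certificate(s) sent, last one issued by '{issuer}'"
```

Run the `openssl` command before and after the change and pass each captured output to `check_chain`; the root CA is normally not sent by the server, so a chain ending at an intermediate is reported as ok.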