Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortinet-davidy
New Contributor

Created on ‎01-25-2023 11:58 AM

Access fortigate via http and https

Hi Please see the below config, which include http and https. why I can only access it via http instead of https? thanks

 

 

FG01 # sh system interface
config system interface
edit "port1"
set vdom "root"
set ip 192.168.1.221 255.255.255.0
set allowaccess ping https ssh http
set type physical
set snmp-index 1

Labels:
14537
0 Kudos
2 Solutions
gfleming
Staff
Staff
In response to fortinet-davidy

Created on ‎01-26-2023 09:35 PM

You can just try using the factory cert. It should work. Please try:

 

config system global
  set auth-cert Fortinet_GUI_Server
end

 

More info here: https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/499047/using-the-default-cer...

 

You can also of course create your own certificate from your own PKI if you have one.

Cheers,
Graham

View solution in original post

14437
0 Kudos
pminarik
Staff
Staff
In response to fortinet-davidy

Created on ‎01-27-2023 01:34 AM Edited on ‎01-27-2023 01:34 AM

It's an unlicensed trial VM, isn't it?
If yes, that's how it should work. HTTP only.

 

HTTPS for admin GUI on trial VMs works only since the permanent trial VM change in 7.2.1. (link)

[ corrections always welcome ]

View solution in original post

14422
0 Kudos
15 REPLIES 15
gfleming
Staff
Staff

Created on ‎01-25-2023 01:38 PM 

 get system global | grep admin-sport

 

that will show you what port you need to use to get access to the HTTPS connection.

Cheers,
Graham
12721
0 Kudos
fortinet-davidy
New Contributor

Created on ‎01-25-2023 01:53 PM

Thanks for your reply! Please see the below. Is that meaning 443 is open? but i still cannot access it via https.

 

FG01 # get system global | grep admin-sport
admin-sport : 443

12719
0 Kudos
gfleming
Staff
Staff
In response to fortinet-davidy

Created on ‎01-25-2023 02:14 PM

What happens when you try to access it?

 

It is possible you have something conflicting with it such as SSL VPN or a VIP?

Cheers,
Graham
12717
0 Kudos
fortinet-davidy
New Contributor
In response to gfleming

Created on ‎01-25-2023 04:07 PM Edited on ‎01-25-2023 04:07 PM

When I access it via https, I got the below page. why no problem with http? 

the second screenshot is NMAP scaning result. is there some issue? I can see some error in it. 

 

 

fortinetdavidy_1-1674691385276.png

 

 

fortinetdavidy_0-1674691233648.png

 

12709
0 Kudos
gfleming
Staff
Staff
In response to fortinet-davidy

Created on ‎01-25-2023 04:38 PM

Likely an issue with the certificate on the Fortigate that is being used for SSL communications. Can you try a different browser like Firefox? Do you get a different message?

 

Is your date/time set correctly on both the FortiGate and the computer?

 

Can you show the certificate details? Click on the icon/tab next to the URL and see what it shows:

gfleming_0-1674693516643.png

 

 

Cheers,
Graham
12706
0 Kudos
fortinet-davidy
New Contributor
In response to gfleming

Created on ‎01-25-2023 05:46 PM

 

Attached two pictures: the first one is from Chrome where it does not Certificate item,  and second is from Firefox. 

 

fortinetdavidy_0-1674697074231.png

 

 

 

fortinetdavidy_1-1674697340536.png

 

12703
0 Kudos
gfleming
Staff
Staff
In response to fortinet-davidy

Created on ‎01-25-2023 08:32 PM

Do you have any VIPs doing DNAT on port 443?

 

Do you have SSL VPN configured for port 443?

 

Can you show output of 

get system global | grep auth-cert

 

And what version of FortiOS?

Cheers,
Graham
12694
0 Kudos
fortinet-davidy
New Contributor
In response to gfleming

Created on ‎01-26-2023 05:40 PM Edited on ‎01-26-2023 05:43 PM

Hi Graham, thanks for your reply. Please see the below

It looks like certificate issue. if so we need to get the self certificate out from the device and imput it into web browser, right? 

 

 

FG01 # get system global | grep auth-cert
auth-cert : self-sign

12680
0 Kudos
gfleming
Staff
Staff
In response to fortinet-davidy

Created on ‎01-26-2023 09:35 PM

You can just try using the factory cert. It should work. Please try:

 

config system global
  set auth-cert Fortinet_GUI_Server
end

 

More info here: https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/499047/using-the-default-cer...

 

You can also of course create your own certificate from your own PKI if you have one.

Cheers,
Graham
14438
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.