heyyo
Contributor

Built-in Cert not Renewing even after running the command

Hi,

I hope you can help me.

Followed this KB: Renew Certificate Expired on FortiGate - Fortinet Community

Ran #execute vpn certificate local generate default-ssl-key-certs

entered 'y' to confirm, but I am still seeing that the built-in cert is expired in System --> Certificates

The system time is the same as my timezone.

I can reach FortiGuard servers.

Unit is in standalone mode.

Is there anything else which I need to look into?

Thank you very much!

2 REPLIES
firacode
New Contributor II

If you're still seeing the expired built-in certificate after running the execute vpn certificate local generate default-ssl-key-certs command, try removing the expired certificate manually from System -> Certificates and then regenerate the certificate. Afterward, reboot the FortiGate device to ensure the new certificate is applied. Check your SSL-VPN or other related configurations to make sure they are using the updated certificate. If the issue persists, review the FortiGate logs for errors during the certificate generation process, as they may provide additional insights.

ametkola
Staff

Hello @heyyo,

If executing the commands still didn't help to renew the built-in certificates, you can try to run both commands below:

#exec vpn certificate local generate default-ssl-key-certs

#exec vpn certificate local generate default-ssl-serv-key

Try to access the FortiGate GUI through another browser and check the status again. Usually, the built-in certificate cannot be deleted from the firewall.

Best regards,
