Hi,
I hope you can help me.
Followed this KB: Renew Certificate Expired on FortiGate - Fortinet Community
Run #execute vpn certificate local generate default-ssl-key-certs
entered 'y' to confirm, but I am still seeing that the built-in cert is expired in System --> Certificates
The system time is the same as my timezone.
I can reach FortiGuard servers.
Unit is in standalone mode.
Is there anything else which I need to look into?
Thank you very much!
If you're still seeing the expired built-in certificate after running the execute vpn certificate local generate default-ssl-key-certs command, try removing the expired certificate manually from System -> Certificates and then regenerate the certificate. Afterward, reboot the FortiGate device to ensure the new certificate is applied. Check your SSL-VPN or other related configurations to make sure they are using the updated certificate. If the issue persists, review the FortiGate logs for errors during the certificate generation process, as they may provide additional insights.
Hello @heyyo ,
If executing the commands still didn't help to renew the built-in certificates, you can try running both commands below:
#exec vpn certificate local generate default-ssl-key-certs
#exec vpn certificate local generate default-ssl-serv-key
Try to access the FortiGate GUI through another browser and check the status again. Usually, the built-in certificate cannot be deleted from the firewall.
Best regards,
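
To take browser caching out of the picture when checking whether a regenerated certificate is actually in use, the check can be done with `openssl` from an admin workstation. This is an added example, not part of the replies above or of Fortinet's KB; the host, port and file names passed to the functions are assumptions you supply, and the demo certificates are constructed.

```shell
# Added example: confirm that a regenerated certificate is really being served.
# Only standard openssl subcommands are used; all arguments are supplied by you.

# Save the certificate a TLS service presents (needs network access).
# Usage: fetch_cert <host> <port> <out.pem>   e.g. the GUI or SSL-VPN port
fetch_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM >"$3"
}

# SHA-256 fingerprint of a PEM certificate.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Print "expired", "expiring" (within <days>, default 30) or "valid".
cert_state() {
  local pem=$1 days=${2:-30}
  if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
    echo expired
  elif ! openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null; then
    echo expiring
  else
    echo valid
  fi
}

# Compare the certificate saved before regeneration with the one served now.
# Returns 0 only when the fingerprint changed and the new cert is not expired.
regeneration_took_effect() {
  local before=$1 after=$2
  if [ "$(cert_fingerprint "$before")" = "$(cert_fingerprint "$after")" ]; then
    echo "same certificate still served"; return 1
  fi
  [ "$(cert_state "$after" 0)" != expired ] || { echo "new certificate is expired"; return 1; }
  echo "new certificate in use, notAfter: $(openssl x509 -in "$after" -noout -enddate | cut -d= -f2)"
}

# Offline demo with two constructed self-signed certs: bash <this file> demo
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d)
  for n in before after; do
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/$n.key" -out "$d/$n.pem" \
      -days 30 -subj "/CN=constructed-$n" >/dev/null 2>&1
  done
  regeneration_took_effect "$d/before.pem" "$d/after.pem"
fi
```

Run `fetch_cert` once before and once after regenerating, then pass the two saved files to `regeneration_took_effect`.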
Copyright 2025 Fortinet, Inc. All Rights Reserved.