I managed to manually install on a PC to test the Persistent Agent. Now I can register the PC but I still have a problem: when I open the browser I get the message that I have to register. Before reaching the registration page I am informed that the connection is not secure. (NET::ERR_CERT_AUTHORITY_INVALID).
Once I accept the risk I can register. For authentication I use the domain user.
I also find log messages in the Persistent Agent logs:
2024-10-28 09:59:17 UTC :: peer CommonName = bradfordnetworks.com
2024-10-28 09:59:17 UTC :: Checking Peer name fortinac.mydomain.com against Common or Subject-alternative-name entry bradfordnetworks.com
2024-10-28 09:59:17 UTC :: Peer name "fortinac.mydomain.com" doesn't match "bradfordnetworks.com"
2024-10-28 09:59:17 UTC :: Refusing to connect to trust_DISTRUSTED fortinac.it-present.com|bradfordnetworks.com|09:6e:cf:15:bd:ea:b9:1e:26:21:75:d5:86:9a:8e:37:15:f5:d4:a9
2024-10-28 09:59:17 UTC :: Connection failed! 1
I installed the certificates as trusted.
I searched the documentation but was unable to resolve the issue.
Thanks in advance.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
You may use the same certificate for all of them or you may generate different certificates for each of them.
Especially for the portal, if you would like to guest registration, it would be better to have a publicly signed certificate. As I mentioned, you may use the same certificate for all of them.
BRs
Hello,
You probably use the default TLS certificate for your Persistent Agent in FortiNAC.
According to logs, PA tries to establish an SSL/TLS handshake with your FortiNAC but it fails since the FQDN is not in the CN or SAN of your Certificate.
Your FortiNAC FQDN should be in the Certificate`s SAN or CN. (in your case fortinac.mydomain.com).
You need to create a certificate for your FortiNAC persistent Agent with the appropriate CN or SAN.
BRs
Created on 11-05-2024 05:16 AM Edited on 11-05-2024 05:44 AM
Hello,
My IT colleagues provided me with certificates (file extension: p7b) which I successfully imported into Trusted Certificates.
I thought that was enough.
Do I therefore have to have 3 certificates generated? 1 for Persistent Agent, 1 for Admin UI and 1 for portal?
Hi,
You may use the same certificate for all of them or you may generate different certificates for each of them.
Especially for the portal, if you would like to guest registration, it would be better to have a publicly signed certificate. As I mentioned, you may use the same certificate for all of them.
BRs
Thanks,
I wil start to create a certificate for Persistent Agent.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.