Hello, when using a certificate inspection profile, the browser warns with ERR_CERT_AUTHORITY_INVALID, because the certificate issuer is 'Fortinet Untrusted CA'
Why can't the Forti verify website certificate?
FortiOS v6.2.15
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
This is a recent issue that was discovered on Monday, you should be able to recover by restarting the fnbamd, and maybe wad processses.
1, Find the PID of fnbamd:
diag sys process pidof fnbamd
=> Note the PID number and use it in the next command
2, restart fnbamd:
diag sys kill 11 <PID>
=> Try accessing the affected website again. (it's a good idea to retry in freshly restarted browser, possibly even in incognito, to ensure that no caching is giving you false negatives)
3, If that's not enough yet, restart wad (various proxying functions):
diag test app wad 99
=> Note that this may cause a short disruption to currently inspected traffic.
4, If the above options fail (not very likely), a restart of the firewall should be the last-resort definitive solution. (if using a cluster, you may need to gradually restart both units)
Note that this issue is specific to 6.0 and 6.2 firmware versions. If you're observing seemingly similar issues in other branches, the cause (and solutions) may differ.
Last but not least, if your model supports it, you should strongly consider upgrading to a newer branch, as 6.2 will reach complete end of support this September.
This is a recent issue that was discovered on Monday, you should be able to recover by restarting the fnbamd, and maybe wad processses.
1, Find the PID of fnbamd:
diag sys process pidof fnbamd
=> Note the PID number and use it in the next command
2, restart fnbamd:
diag sys kill 11 <PID>
=> Try accessing the affected website again. (it's a good idea to retry in freshly restarted browser, possibly even in incognito, to ensure that no caching is giving you false negatives)
3, If that's not enough yet, restart wad (various proxying functions):
diag test app wad 99
=> Note that this may cause a short disruption to currently inspected traffic.
4, If the above options fail (not very likely), a restart of the firewall should be the last-resort definitive solution. (if using a cluster, you may need to gradually restart both units)
Note that this issue is specific to 6.0 and 6.2 firmware versions. If you're observing seemingly similar issues in other branches, the cause (and solutions) may differ.
Last but not least, if your model supports it, you should strongly consider upgrading to a newer branch, as 6.2 will reach complete end of support this September.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.