Hello all.
i've problem with my ssl certificate on my fortigate below design before explain you problem .
Since home, i try to connect to my switch office (cisco switch SG-250) by using ssl vpn. but it's not working i've the message bellow
i look for on internet and one way to resolve that, it to allow invalid cerfiticate. i do it and now it's working but not secure.
I want to resolve without allow invalid certificate how can i make it.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hey Stoller,
is that certificate on the FortiGate or Cisco Switch?
The best way would probably be to replace it with a valid certificate.
FortiGate includes a self-signed default certificate (which is not trusted by a CA, and can't be verified by browsers). This means that if Fortigate is encrypting this connection, it will not be trusted in another browser. To prevent that, you need to install a 3rd party certificate (not sold by Fortinet).
Some documents that may help:
https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-avoid-certificate-error-message-by...
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/565000/preventing-certificate-warnings-d...
thanks alex
You're accessing the SG-250 (very old switch) via GUI(HTTPS) and its certificate has been expired long time ago. The FGT is just in the middle and checking the certificates (as you configured) coming from the server(SG-250) side and found it invalid. If you don't want to make FGT ignoring invalid certificates, your options are one of these:
1. As Alex says, get a proper certificate signed by one of common CAs and import/install it to the SG-250 [the best option among these]
2. Stop using GUI/HTTPS to manage the SG-250. CLI/SSH or HTTP would be the options.
3. Cisco might have an updated default cert. Ask their community.
Toshi
thanks so much toshi. it's more clear. i will try to use option 1 and back to you soon
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1713 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.