Fail to create SSL
The scenario is that I was using FortiClient VPN (VPN-only version) for remote access. On Windows, it works fine with the .crt and .pkf local certificate. However, on Ubuntu, I tried the same with those certificates and received a "fail to create SSL" error.
I did some research and found an article for FortiManager and FortiAnalyzer at https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-How-to-verify-the-ciphers-used-in-a-PK... but I'm not sure it works the same.
The debug log is as below:
20240823 09:08:53.049 TZ=+0700 [sslvpn:DEBG] vpn_connection:307 SSL error: error:0308010C:digital envelope routines::unsupported
20240823 09:08:53.049 TZ=+0700 [sslvpn:EROR] vpn_connection:463 Failed parse PKCS#12 file
20240823 09:08:53.049 TZ=+0700 [sslvpn:EROR] vpn_connection:1518 Failed create SSL
Has anyone run into this problem and found a way to overcome it? Thanks, and I appreciate any help!
Hello khanhtran,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
This looks like an SSL version issue.
Please share the following:
- FortiClient version
- Linux version ($ cat /etc/os-release)
- OpenSSL version ($ openssl version)
FortiClient VPN (vpn only) version 7.2.2 & 7.4.0
Linux Version : Ubuntu 22.04.4
OpenSSL version: OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
Note:
I tried enabling the legacy section in the OpenSSL config so that -legacy is the default (which does overcome the mentioned issue when parsing PKCS#12); however, that configuration doesn't take effect for FortiClient VPN.
Your certificate was generated with the legacy provider.
I believe the document you shared should be applicable to FortiClient as well.
I have tried; however, I don't have the base knowledge for that solution for generating .pub, so I couldn't reproduce one with that solution. On the other hand, I have tried FortiClient 6.4.8 and it ran successfully for the same case. I also tried looking into the build of the FortiClient app and I believe it uses a built-in OpenSSL (I saw compiled files regarding SSL, like .pyc). I could see that on the same OS and OpenSSL version of the machine, 6.x.x worked while 7.x.x failed. I would appreciate it if I could find a .deb of FortiClient VPN version 6.x.x, or if there is a way to configure the openssl.cnf that FortiClient uses. And thanks for your quick response.
If you are looking for an old FCT VPN version, you can download it from the support portal > Support menu > Firmware Download, then select FortiClientLinux and the needed version.
But I don't have a contract for it, so I couldn't make it. Again, thanks for your support!
Did you try to install it from Fortinet Repo?
https://www.fortinet.com/support/product-downloads/linux
I didn't try but I think it should work.
I installed it, but of course it came with the license requirement, while I was looking for a VPN-only version, which is technically free. Thanks for your recommendation.