Hello,
I have a problem with establishing SSL VPN connection and I had the same error in var/log/forticlient/sslvpn.log for few versions of forticlient (latest, this one i.e. 7.2.3.0790 and some other 7.4.x versions)
[sslvpn:DEBG] vpn_connection:307 SSL error: error:0308010C:digital envelope routines::unsupported
[sslvpn:EROR] vpn_connection:463 Failed parse PKCS#12 file
[sslvpn:EROR] vpn_connection:1528 Failed create SSL
I found this article https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-How-to-verify-the-ciphers-used-in-a-PK... but i can not apply the suggested workaround since i can not import public an private part of the p12 separately in forticlient vpn ( the article explains similar problem for fortianalyzer)
I would isolate these errors as the most important, but i would like to mention another one appearing, also which is:
ns:203 Failed to open /etc/nm_resolv.forticlient.backup
I tried installation from repo and dpkg also.
The last one is using forticlient_7.2.3.0790_amd64.deb
version of OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
and OS version is Ubuntu "22.04.1 LTS (Jammy Jellyfish)"
My p12 file has same password for keystore and keypair (pwd policy is 22 alphanumeric characters) - although i am not sure that this affects this scenario in anyway
I would kindly ask for some support about this issue if possible.
P.S. I am interested in free version of forticlient, so if you see that this is not what i need, please recommend me the correct version
Thank you in advance!
Hristina
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Hristina
If I understand well the tech tip you shared shows how to extract private key and cert and in the same time convert the cipher function to a non-deprecated one.
If FortiClient doesn't accept them separated then you should be able to re-merge them as they, I mean with supported cipher function, then use it in FCT.
The merge command should be something approximately like this:
openssl pkcs12 -export -out new.pfx -inkey priv.key -in cert.cer
Hope I'm not wrong.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.