Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Harold080868
New Contributor

Created on ‎07-15-2025 12:28 AM Edited on ‎07-15-2025 12:29 AM

FortiClient 7.2.x (also 7.4.x) shows invalide certificate warning after every reboot of the client

Hello,

FortiClient 7.2.x (also 7.4.x) shows invalide certificate warning after every reboot of the client, also the setting to do this on ems are not enabled. Any idea?

Fortinet says this normal.....

 

photos.jpg

ems setting.jpg

 

forticlient.jpg

Labels:
348
0 Kudos
1 Solution
AEK
SuperUser
SuperUser
In response to Harold080868

Created on ‎07-22-2025 03:53 AM

Hi Harold

Then it is normal to receive a certificate warning.

If you don't want to receive the warning then the certificate DN/SAN should be the same as the FQDN configured in your VPN connection.

In your 7.0.x probably the certificate warning was disabled, that's why you didn't see the warning.

AEK

View solution in original post

AEK
223
6 REPLIES 6
AEK
SuperUser
SuperUser

Created on ‎07-15-2025 03:50 AM

Hi Harold

Is it when it tries connect to SSL VPN or before? I mean since you said after every reboot then it can be related to telemetry, right?

AEK
AEK
318
Harold080868
New Contributor
In response to AEK

Created on ‎07-20-2025 09:34 PM

Hi AEK,

yes it is when I try to connect via SSL VPN (it is not the telemetry). When I connect a second time without reboot, it is not. FortiClient 7.0.x has not the behavior. Import the root certificate to the browser has no effect.

265
0 Kudos
AEK
SuperUser
SuperUser
In response to Harold080868

Created on ‎07-21-2025 05:52 AM

Is the remote FQDN configured in your SSL VPN connection the same as the certificate DN or SAN?

Is the issuer trusted by the client? Do you have its CA certificate on the client?

AEK
AEK
251
0 Kudos
Harold080868
New Contributor
In response to AEK

Created on ‎07-22-2025 12:45 AM Edited on ‎07-22-2025 10:50 PM

Hi AEK,

 

Is the remote FQDN configured in your SSL VPN connection the same as the certificate DN or SAN?
No, the certificate is fortinet default. With FortiClient 7.0.x it works.

 

Is the issuer trusted by the client? Do you have its CA certificate on the client?
As wrote this has no effect, if the issuer is installed to the browser or not.

234
0 Kudos
AEK
SuperUser
SuperUser
In response to Harold080868

Created on ‎07-22-2025 03:53 AM

Hi Harold

Then it is normal to receive a certificate warning.

If you don't want to receive the warning then the certificate DN/SAN should be the same as the FQDN configured in your VPN connection.

In your 7.0.x probably the certificate warning was disabled, that's why you didn't see the warning.

AEK
AEK
224
Harold080868
New Contributor
In response to AEK

Created on ‎07-23-2025 10:24 PM

Hi AEK,

thank you for your explanation. I'am not amused Fortinet change the properties, but I think I have no influence.

 


Best Regards

 

Harold

191
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.