Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FortiClient EMS Certificate Check


We would like to make our telemetry connection safer by allowing only the clients that have the EMS certificate on their computers to make a telemetry connection. So we would like to enable "Use SSL certificate for Endpoint Control", but we have concern that it may cause all telemetry connection gets dropped.

We'd like to enable this option, and send a different profile, that has invalid certificate action drop action, to test computers. But again, we concern that enabling "Use SSL certificate for Endpoint Control" may cause all telemetry connection to drop. Has anyone experience this before? Can we enable certificate check for just test computers first?

Thanks and best regards

Since this is a global change it will affect every client connection. I don't think there is a way to use it only for a group of computers. Some more details are shown here.

If the computers are part of a domain and if the certificate of the EMS is generated by the private CA of the domain you will be safe to apply this change since the computers will already have the CA on their trust store.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Top Kudoed Authors