TheUsD
New Contributor III

FortiGate VM SSL issue

I am using the FortiGate VM, 6.4.2 evaluation, for practice (SSL-VPN is said to be supported with the evaluation license), but the FortiGate is not accepting its own generic cert. I am getting the following errors and am not sure why. Note: "xxx.xxx.xxx" is the remote public IP address of the device that is using the FortiClient VPN that is attempting to SSL-VPN in.

I have attempted the following:

1) Override the MTU to 1500 (there were posts saying that even though the default is 1500, they had to do this)

2) set ssl-max-proto-ver tls1-0, -1, -2 and -3

3) I have read about people changing the algorithm to medium, but those were running earlier versions, using the following command: conf ssl settings set algorithm medium

[9165:root:c6]allocSSLConn:298 sconn 0x7ffa57e17a00 (0:root)

[9165:root:c6]SSL state:before SSL initialization (xxx.xxx.xxx.xxx)

[9165:root:c6]SSL state:before SSL initialization:DH lib(xxx.xxx.xxx.xxx)

[9165:root:c6]SSL_accept failed, 5:(null)

[9165:root:c6]Destroy sconn 0x7ffa57e17a00, connSize=0. (root)

[9165:root:c7]allocSSLConn:298 sconn 0x7ffa57e17a00 (0:root)

[9165:root:c7]SSL state:before SSL initialization (xxx.xxx.xxx.xxx)

[9165:root:c7]SSL state:before SSL initialization (xxx.xxx.xxx.xxx)

[9165:root:c7]client cert requirement: no

[9165:root:c7]SSL state:SSLv3/TLS read client hello (xxx.xxx.xxx.xxx)

[9165:root:c7]SSL state:SSLv3/TLS write server hello (xxx.xxx.xxx.xxx)

[9165:root:c7]SSL state:SSLv3/TLS write certificate (xxx.xxx.xxx.xxx)

[9165:root:c7]SSL state:SSLv3/TLS write key exchange (xxx.xxx.xxx.xxx)

[9165:root:c7]SSL state:SSLv3/TLS write server done (xxx.xxx.xxx.xxx)

[9165:root:c7]SSL state:SSLv3/TLS write server done:system lib(xxx.xxx.xxx.xxx)

[9165:root:c7]SSL state:SSLv3/TLS write server done:DH lib(xxx.xxx.xxx.xxx)

[9165:root:c7]SSL_accept failed, 5:(null)

[9165:root:c7]Destroy sconn 0x7ffa57e17a00, connSize=0. (root)

Thanks in advance!
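
An added example, not part of the original post and not Fortinet tooling: a small Python triage script that groups the debug lines above by connection id and reports how far each handshake got, and which error-library tag (such as "DH lib") was logged, before `SSL_accept failed`. The function and field names are hypothetical, and the `[pid:vdom:conn]` line layout is an assumption inferred only from the lines in the post.

```python
import re

# Debug lines copied from the post above; some entries are left fused on one
# line, as the forum rendered them, to show that the splitting copes with it.
SAMPLE = """\
[9165:root:c6]allocSSLConn:298 sconn 0x7ffa57e17a00 (0:root)
[9165:root:c6]SSL state:before SSL initialization (xxx.xxx.xxx.xxx) [9165:root:c6]SSL state:before SSL initialization:DH lib(xxx.xxx.xxx.xxx)
[9165:root:c6]SSL_accept failed, 5:(null)
[9165:root:c7]SSL state:SSLv3/TLS read client hello (xxx.xxx.xxx.xxx)
[9165:root:c7]SSL state:SSLv3/TLS write server hello (xxx.xxx.xxx.xxx)
[9165:root:c7]SSL state:SSLv3/TLS write server done (xxx.xxx.xxx.xxx) [9165:root:c7]SSL state:SSLv3/TLS write server done:system lib(xxx.xxx.xxx.xxx)
[9165:root:c7]SSL state:SSLv3/TLS write server done:DH lib(xxx.xxx.xxx.xxx) [9165:root:c7]SSL_accept failed, 5:(null)
"""

PREFIX = re.compile(r"\[(\d+):([^:\]]+):(\w+)\]")            # [pid:vdom:conn] (assumed layout)
STATE = re.compile(r"SSL state:(.+?)(?::(\w+ lib))?\s*\(")   # state[:error lib](peer)
FAIL = re.compile(r"SSL_accept failed, (\d+)")


def summarize(log_text):
    """Group entries by connection id and report how far each handshake got."""
    conns = {}
    parts = PREFIX.split(log_text)  # [leading text, pid, vdom, conn, msg, pid, ...]
    for i in range(1, len(parts), 4):
        conn, msg = parts[i + 2], parts[i + 3].strip()
        c = conns.setdefault(conn, {"states": [], "libs": [], "accept_error": None})
        m = STATE.search(msg)
        if m:
            if m.group(1) not in c["states"]:
                c["states"].append(m.group(1))       # handshake states, in order seen
            if m.group(2) and m.group(2) not in c["libs"]:
                c["libs"].append(m.group(2))         # error-library tags, in order seen
        f = FAIL.search(msg)
        if f:
            c["accept_error"] = int(f.group(1))      # code as logged, not interpreted
    for c in conns.values():
        c["last_state"] = c["states"][-1] if c["states"] else None
        c["saw_client_hello"] = any("read client hello" in s for s in c["states"])
    return conns


if __name__ == "__main__":
    for conn, info in summarize(SAMPLE).items():
        print(conn, info["last_state"], info["libs"], info["accept_error"],
              "client hello seen" if info["saw_client_hello"] else "no client hello")
```

On the lines from the post, this shows that connection c6 failed before any client hello was read, while c7 failed after the server had written its hello, certificate, key exchange and server done, and that both failures carry the "DH lib" tag.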

1 REPLY
TheUsD
New Contributor III

Please delete this post. I did not realize I posted in the wrong section, and I've submitted the same post in the correct section. Sorry.
