Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
barisben
New Contributor II

Created on ‎08-13-2025 02:37 AM Edited on ‎08-13-2025 06:17 AM

FortiNAC-F Portal and Admin UI Certificate Warning

Hey, first of all I'm already running the persistent agent with this certificate and I'm not facing any issues. I've also installed the same certificate for the Portal and Admin UI and even after restarting the services, I'm still getting a certificate warning when accessing the portal and Admin UI. Although I have the certificate and can see it in the page's certificate details, I still get the warning.

 

Screenshot_2.jpgScreenshot_3.pngScreenshot_4.pngScreenshot_7.png

Labels:
405
0 Kudos
12 REPLIES 12
ebilcari
Staff
Staff

Created on ‎08-13-2025 02:56 AM

It seems like you have imported the FNAC certificate itself in the trusted root store. You have to import the CA root certificate xxxxCA-1, it should have the same name for 'Issued To' and 'Issued By'.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
330
0 Kudos
barisben
New Contributor II
In response to ebilcari

Created on ‎08-13-2025 04:37 AM

Is this something specific to FortiNAC? I'm able to do this using a wildcard certificate with other Fortinet products and Issued By-Issued To different. Does FortiNAC require the Issued By and the Issued To to be exactly the same?

298
0 Kudos
ebilcari
Staff
Staff
In response to barisben

Created on ‎08-13-2025 04:49 AM

I was referring to the certificate imported on the end host under Trusted Root Certification Authorities. This should be the root CA certificate, not the same certificate that was uploaded to FNAC. From the screenshot, I noticed that the 'Issued To' and 'Issued By' fields are different, which indicates that this is not a root CA.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
292
0 Kudos
barisben
New Contributor II
In response to ebilcari

Created on ‎08-13-2025 04:52 AM

The end host already has it too.

 

Screenshot_1.png

286
0 Kudos
ebilcari
Staff
Staff
In response to barisben

Created on ‎08-13-2025 06:59 AM

Verify that the certificate has the SAN entries, modern browsers will complain if the SAN is missing or is not matching with the domain:

Certificate SAN.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
244
0 Kudos
barisben
New Contributor II
In response to ebilcari

Created on ‎08-13-2025 07:25 AM

This certificate only has Subject Name, no SAN.

232
0 Kudos
ebilcari
Staff
Staff
In response to barisben

Created on ‎08-13-2025 07:30 AM

This has become a standard requirement for most modern browsers. You will need to generate a new certificate, and if you plan to use it across multiple services, consider including all relevant domains in a single certificate as SANs.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
226
0 Kudos
barisben
New Contributor II
In response to ebilcari

Created on ‎08-13-2025 07:49 AM

Okay, maybe you're right. But as I said I use our wildcard certificate with other Forti products and it works even there is no SAN too. I tried wildcard certificate for this Portal and also does not work like this cert.

215
0 Kudos
ebilcari
Staff
Staff
In response to barisben

Created on ‎08-13-2025 08:02 AM

As I know, even with a wildcard certificate you should include the wildcard domain as SAN, it should not be left empty.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
210
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.