Hey, first of all I'm already running the persistent agent with this certificate and I'm not facing any issues. I've also installed the same certificate for the Portal and Admin UI and even after restarting the services, I'm still getting a certificate warning when accessing the portal and Admin UI. Although I have the certificate and can see it in the page's certificate details, I still get the warning.
It seems like you have imported the FNAC certificate itself in the trusted root store. You have to import the CA root certificate xxxxCA-1, it should have the same name for 'Issued To' and 'Issued By'.
Is this something specific to FortiNAC? I'm able to do this using a wildcard certificate with other Fortinet products and Issued By-Issued To different. Does FortiNAC require the Issued By and the Issued To to be exactly the same?
I was referring to the certificate imported on the end host under Trusted Root Certification Authorities. This should be the root CA certificate, not the same certificate that was uploaded to FNAC. From the screenshot, I noticed that the 'Issued To' and 'Issued By' fields are different, which indicates that this is not a root CA.
The end host already has it too.
Verify that the certificate has the SAN entries, modern browsers will complain if the SAN is missing or is not matching with the domain:
This certificate only has Subject Name, no SAN.
This has become a standard requirement for most modern browsers. You will need to generate a new certificate, and if you plan to use it across multiple services, consider including all relevant domains in a single certificate as SANs.
Okay, maybe you're right. But as I said I use our wildcard certificate with other Forti products and it works even there is no SAN too. I tried wildcard certificate for this Portal and also does not work like this cert.
As I know, even with a wildcard certificate you should include the wildcard domain as SAN, it should not be left empty.
User | Count |
---|---|
2624 | |
1390 | |
804 | |
667 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.