barisben
New Contributor II

FortiNAC-F Portal and Admin UI Certificate Warning

Hey, first of all I'm already running the persistent agent with this certificate and I'm not facing any issues. I've also installed the same certificate for the Portal and Admin UI and even after restarting the services, I'm still getting a certificate warning when accessing the portal and Admin UI. Although I have the certificate and can see it in the page's certificate details, I still get the warning.

 


ebilcari
Staff

It seems like you have imported the FNAC certificate itself in the trusted root store. You have to import the CA root certificate xxxxCA-1, it should have the same name for 'Issued To' and 'Issued By'.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
barisben
New Contributor II

Is this something specific to FortiNAC? I'm able to do this using a wildcard certificate with other Fortinet products, where 'Issued By' and 'Issued To' are different. Does FortiNAC require the 'Issued By' and the 'Issued To' to be exactly the same?

ebilcari

I was referring to the certificate imported on the end host under Trusted Root Certification Authorities. This should be the root CA certificate, not the same certificate that was uploaded to FNAC. From the screenshot, I noticed that the 'Issued To' and 'Issued By' fields are different, which indicates that this is not a root CA.

- Emirjon
barisben
New Contributor II

The end host already has it too.

 


ebilcari

Verify that the certificate has SAN entries; modern browsers will complain if the SAN is missing or does not match the domain.

- Emirjon
barisben
New Contributor II

This certificate only has Subject Name, no SAN.

ebilcari

This has become a standard requirement for most modern browsers. You will need to generate a new certificate, and if you plan to use it across multiple services, consider including all relevant domains in a single certificate as SANs.

- Emirjon
barisben
New Contributor II

Okay, maybe you're right. But as I said, I use our wildcard certificate with other Forti products and it works even though there is no SAN there either. I tried the wildcard certificate for this Portal too, and it also does not work, just like this cert.

ebilcari

As far as I know, even with a wildcard certificate you should include the wildcard domain as a SAN; it should not be left empty.

- Emirjon
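
The two checks discussed in this thread (a root CA has identical 'Issued To' and 'Issued By'; a server certificate needs a SAN entry that matches the hostname), as an added example that is not part of the original thread or Fortinet code. It assumes OpenSSL 1.1.1 or later; the host names, file names and certificates are constructed test values.

```shell
#!/bin/sh
# Added example: constructed test certificates only (names are hypothetical).

# Print the DNS names in the SAN extension, one per line (nothing if no SAN).
san_names() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# Succeed if a SAN entry covers host $2. The CN is deliberately ignored.
san_matches() {
    san_names "$1" | (
        while read -r name; do
            [ "$name" = "$2" ] && exit 0
            # A wildcard covers exactly one extra left-most label.
            case "$2" in *.*) [ "$name" = "*.${2#*.}" ] && exit 0 ;; esac
        done
        exit 1
    )
}

# Succeed if subject and issuer are identical ('Issued To' = 'Issued By').
is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

# Build a throwaway root CA and two leaf certificates: CN only, and with SANs.
d=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
openssl req -newkey rsa:2048 -nodes -subj "/CN=nac.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/cn_only.pem" 2>/dev/null
printf 'subjectAltName=DNS:nac.example.test,DNS:*.portal.example.test\n' > "$d/san.ext"
openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/with_san.pem" 2>/dev/null

for c in ca cn_only with_san; do
    is_self_issued "$d/$c.pem" && kind="root (Issued To = Issued By)" || kind="issued by a CA"
    san_matches "$d/$c.pem" nac.example.test && san="SAN matches" || san="no matching SAN"
    echo "$c: $kind; $san for nac.example.test"
done
```

To check a real deployment, point the three functions at the PEM file uploaded to the appliance and at the certificate placed in the client's trusted root store.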