IT-Basche
New Contributor II

FortiOS 7.0.17 & Personal Cert on GUI

Hello.

After updating our FortiGate devices (40F, 600E) to 7.0.17 we've got a window to choose a personal cert.

The window comes up before I can enter my credentials.

Where can I change this back (we don't use this feature), or where can I add a valid cert?

Thanks in advance for your answers.

Regards

Dirk Emmermacher

abarushka
Staff

Hello Dirk,

Could you please elaborate whether you are referring to the certificate which is used to access the FortiGate GUI or some other certificate?

https://docs.fortinet.com/index.php/document/fortigate/7.2.2/administration-guide/499047/using-the-d...

FortiGate
IT-Basche
New Contributor II

We're using an official wildcard cert.
The behaviour of the GUI is new. With 7.0.16 the login site comes up without any additional window where I was asked for a cert.

FW (global) # show
config system global
    set admin-server-cert "wild-card-2024"
    set admin-sport xxx
    set admin-ssh-port xxx
    set admintimeout 30
    set alias "FortiGate"
    set dh-params 8192
    set hostname "FW-01"
    set management-port-use-admin-sport disable
    set ssl-min-proto-version TLSv1-3
    set ssl-static-key-ciphers disable
    set switch-controller enable
    set timezone 26
    set vdom-mode multi-vdom
end

Regards

Dirk

abarushka
Staff

Hello Dirk,

Could you please elaborate what you are referring to by "official wildcard cert"?

FortiGate
IT-Basche
New Contributor II

Good morning.

We're using a public wildcard cert here for our devices.

ebilcari
Staff

Based on the description, it seems that the browser is asking to do certificate-based client authentication, as shown here. I'm not aware that this is applied to the Admin UI. If you skip the certificate selection in the browser, you still get Admin access, right? You can also try to clear the cache of the browser.

- Emirjon
IT-Basche
New Contributor II

Hello Emirjon.

That would be the right place for configuration.

The point here is that nothing is configured under authentication scheme.

Would it be an option to activate the activation scheme, and disable the cert-auth-cookie?

Regards

Dirk

MikeParz
New Contributor

I am seeing the same behavior. It was not happening on 7.0.16 and nothing in the article ebilcari posted is configured on our firewalls. I haven't had the opportunity to open a ticket yet.

IT-Basche
New Contributor II

Hello Mike.

Meanwhile we upgraded via 7.2 to 7.4. The behaviour has not changed.

Regards

Dirk
