Hi, I had upgraded my FortiGate from FortiOS 7.2.x to FortiOS 7.4.3. I am currently using deep packet inspection ssl profile. Is it expected that I also import again Fortinet_CA_SSL into my browser every time I upgrade? Is this a normal process - Upgrade of FortiOS = Import of Certificate again into the browser?
I am currently having issues with SSL after the upgrade.
Thank you!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Generally shouldn't need to, unless your FGTs are in HA and an upgrade caused a primary and secondary swap. That certificate's CN is the FGT unit's S/N. So user devices need to have all cluster unit's certificates installed.
Toshi
Hi heyyo,
There is no need import certificate again.If you any change after upgrade, myabe you have a bug or you can check your configuration again.
BR.
Hello @heyyo ,
Generally there is no need to import the certificate again when you upgrade your FortiGate firmware, The certificate used for SSL deep inspection should persist through upgrades unless it has been explicitly changed or re-generated during the upgrade process.
As you informed you are facing this issue to verify the Certificate
Check if the existing Fortinet_CA_SSL certificate is still present and correctly configured on FortiGate by running the below command
config vpn certificate local
show full
Also, we need to check the logs for any SSL-related errors that might indicate the root cause of the issue.
Thanks,
Pavan
Generally shouldn't need to, unless your FGTs are in HA and an upgrade caused a primary and secondary swap. That certificate's CN is the FGT unit's S/N. So user devices need to have all cluster unit's certificates installed.
Toshi
Hi heyyo,
There is no need import certificate again.If you any change after upgrade, myabe you have a bug or you can check your configuration again.
BR.
Hello @heyyo ,
Generally there is no need to import the certificate again when you upgrade your FortiGate firmware, The certificate used for SSL deep inspection should persist through upgrades unless it has been explicitly changed or re-generated during the upgrade process.
As you informed you are facing this issue to verify the Certificate
Check if the existing Fortinet_CA_SSL certificate is still present and correctly configured on FortiGate by running the below command
config vpn certificate local
show full
Also, we need to check the logs for any SSL-related errors that might indicate the root cause of the issue.
Thanks,
Pavan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1633 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.