I'm deploying FortiClient 7.2.3 using Jamf to macOS 14 devices. The issue we are having is that even though we have a mobileconfig profile deploying the necessary certificates and PPPC settings to the devices, when FortiClient connects to our EMS server for the first time, it prompts for admin credentials for a certificate change. But regardless of whether you enter the password or cancel the prompt, no change is made to the certificates in the keychain. After the initial connection to EMS this prompt does not reappear. Has anyone been able to get rid of this prompt? This wasn't an issue when we were using version 6.4.8 of FortiClient.
Hello @johntsvi ,
This warning is related to client certificates. FortiClientEMS gives client certificates to every client.
As you said, this prompt shows just one time, during the initial connection to EMS. After this, the client certificate is installed on the client's computer.
Generally, these certificate names start with "FCTEMS". This name comes from the FortiClient serial number. You can see this in the FortiClient or FortiClientEMS console. Can you check the certificate store with this name again?
Btw, if you don't use ZTNA, you can close the ZTNA feature on your user profile. After that, this certificate prompt will not show, because this client certificate is related to the ZTNA feature.
Hi,
This seems similar to an engineering report mentioned in "Known issues | FortiClient 7.2.4 | Fortinet Document Library" under ID 905880:
ZTNA certificate prompt displays when deploying FortiClient (macOS) with Jamf Pro configuration profiles.
Workaround: enable ZTNA in both on-fabric and off-fabric profile if using both.
Best regards,
Jin