johntsvi
New Contributor

FortiClient 7.2.3 prompts for admin credentials for certificate change on macOS 14

I'm deploying FortiClient 7.2.3 using Jamf to macOS 14 devices. The issue we are having is that even though we have a mobileconfig profile deploying the necessary certificates and PPPC settings to the devices, when FortiClient connects to our EMS server for the first time, it prompts for admin credentials for a certificate change. But regardless of whether you enter the password or cancel the prompt, no change is made to the certificates in the keychain. After the initial connection to EMS, this prompt does not reappear. Has anyone been able to get rid of this prompt? This wasn't an issue when we were using version 6.4.8 of FortiClient.


1 Solution
ozkanaltas
Contributor III

Hello @johntsvi,

This warning is related to client certificates. FortiClientEMS gives client certificates to every client.

As you said, this prompt shows just one time, during the initial connection to EMS. After this, the client certificate is installed on the client's computer.

Generally, these certificate names start with "FCTEMS". This name comes from the FortiClient serial number. You can see this in the FortiClient or FortiClientEMS console. Can you check the certificate store for this name again?

Btw, if you don't use ZTNA, you can close the ZTNA feature on your user profile. After that, this certificate prompt will not show, because this client certificate is related to the ZTNA feature.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
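
One way to run the keychain check suggested in the answer above, as an added example that is not part of the original posts or Fortinet's own tooling. It assumes the "FCTEMS" prefix appears in the certificate's keychain label; the function names are hypothetical and the sample output is constructed.

```bash
#!/bin/bash
# Added example (not from the thread): find keychain certificates whose
# label starts with "FCTEMS", the prefix mentioned in the answer above.

# Read `security find-certificate -a` output on stdin and print the unique
# "labl" (label) values that begin with the given prefix (default FCTEMS).
fctems_labels() {
    prefix="${1:-FCTEMS}"
    sed -n "s/^[[:space:]]*\"labl\"<blob>=\"\(${prefix}.*\)\"[[:space:]]*\$/\1/p" |
        sort -u
}

# Constructed sample of the command's output; the labels are placeholders.
sample_output() {
    cat <<'EOF'
keychain: "/Library/Keychains/System.keychain"
version: 256
class: 0x80001000
attributes:
    "alis"<blob>="FCTEMS0000000000"
    "ctyp"<uint32>=0x00000001
    "labl"<blob>="FCTEMS0000000000"
keychain: "/Library/Keychains/System.keychain"
version: 256
class: 0x80001000
attributes:
    "alis"<blob>="Example Corp Root CA"
    "labl"<blob>="Example Corp Root CA"
EOF
}

# On a Mac: report matching certificates in a keychain (default search list
# when no path is given). Returns 0 if found, 1 if none, 2 if not macOS.
check_keychain() {
    command -v security >/dev/null 2>&1 || { echo "security not found" >&2; return 2; }
    found=$(security find-certificate -a ${1:+"$1"} 2>/dev/null | fctems_labels)
    [ -n "$found" ] || { echo "no FCTEMS certificate found"; return 1; }
    echo "$found" | sed 's/^/FCTEMS certificate present: /'
}

# Demonstration on the constructed sample (runs on any POSIX system).
sample_output | fctems_labels
```

On a managed Mac, call `check_keychain` with a keychain path before and after the first EMS connection to see whether the prompt actually resulted in an installed certificate.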

2 REPLIES
jintrah_FTNT
Staff

Hi,

This seems similar to an engineering report mentioned here: Known issues | FortiClient 7.2.4 | Fortinet Document Library, under ID 905880.

ZTNA certificate prompt displays when deploying FortiClient (macOS) with Jamf Pro configuration profiles.

Workaround: enable ZTNA in both on-fabric and off-fabric profile if using both.


Best regards,

Jin
