Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
johntsvi
New Contributor

Forticlient 7.2.3 prompts for admin credentials for certificate change on MacOS 14

I'm deploying FortiClient 7.2.3 using Jamf to macOS 14 devices. The issue we are having is that even though we have a mobileconfig profile deploying the necessary certificates and PPPC settings to the devices, when the FortiClient connects to our EMS server for the first time, it prompts for admin credentials for a certificate change. But regardless if you enter the password or cancel the prompt no change is made to the certificates in keychain. After the initial connection to EMS this prompt does not re-appear. Has anyone been able to get rid of this prompt? This wasn't an issue when we were using version 6.4.8 of FortiClient.

 

Screenshot 2024-03-28 at 4.04.35 PM.pngScreenshot 2024-03-28 at 4.05.23 PM.png

1 Solution
ozkanaltas
Valued Contributor III

Hello @johntsvi ,

 

This warning is related to client certificates. FortiClientEMS gives client certificates to every client. 

 

As you said, this prompt just shows one time while initial connection to EMS. After this, the client certificate is installed on the client's computer.

 

Generally, these certificate names start with "FCTEMS". This name comes from the FortiClient serial number. You can see this, FortiClient or FortiClientEMS console. Can you check the certificate store with this name again?

 

Btw, if you don't use ZTNA, you can close the ZTNA feature on your user profile. After that, this certificate prompt will not show. Because this client certificate is related to the ZTNA feature.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
2 REPLIES 2
ozkanaltas
Valued Contributor III

Hello @johntsvi ,

 

This warning is related to client certificates. FortiClientEMS gives client certificates to every client. 

 

As you said, this prompt just shows one time while initial connection to EMS. After this, the client certificate is installed on the client's computer.

 

Generally, these certificate names start with "FCTEMS". This name comes from the FortiClient serial number. You can see this, FortiClient or FortiClientEMS console. Can you check the certificate store with this name again?

 

Btw, if you don't use ZTNA, you can close the ZTNA feature on your user profile. After that, this certificate prompt will not show. Because this client certificate is related to the ZTNA feature.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
jintrah_FTNT
Staff
Staff

Hi,

This seems similar to an engineering report mentioned here Known issues | FortiClient 7.2.4 | Fortinet Document Library under id 905880

ZTNA certificate prompt displays when deploying FortiClient (macOS) with Jamf Pro configuration profiles.

Workaround: enable ZTNA in both on-fabric and off-fabric profile if using both.

 

Best regards,

Jin

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors