Robert_Cerny
New Contributor II

Invalid certificate after 6.2.3 upgrade

Hi,

I recently upgraded our FG 100E from 5.6.9 to 6.2.3 and suddenly cannot log in to admin from WAN because of the self-signed certificate. I did follow the upgrade path, and it was working just right in 6.2.2. Both Safari and Chrome refuse to load the page at all; Firefox warns me about the self-signed certificate.

I can log in fine from LAN using the internal IP address. Is this correct behavior?

 

Thanks

Robert

FG-100C FG-100A FW-50B FG-60C
andymemo

Thanks for your reply @Jordan_Thompson_FTNT. My thoughts / feedback on the workarounds...

  • Install cert - yes, valid option, unlikely many people will do this in a single or small multi FortiGate deployment due to cost.
  • Use documented chrome workaround - This isn't an option, since 6.2.3 upgrade there is no 'accept warning and continue' option :(
  • Use another browser - pretty much the only realistic option.
  • Factory reset a FortiGate - definitely not an option in many cases.

I appreciate this is not entirely Fortinet's fault as Chrome has its restrictions and other browsers work. Hopefully this is something that is resolved soon - 6.2.4 or 6.4 :)

Jordan_Thompson_FTNT

    andymemo wrote:

      • Use documented chrome workaround - This isn't an option, since 6.2.3 upgrade there is no 'accept warning and continue' option :(

Although this is true, you can type "thisisunsafe" at that screen and it will allow you to bypass it. Chrome supports this as an option to override the warnings that they show. They do change the phrase from time to time, so keep that in mind.

Celio

    Jordan_Thompson_FTNT wrote:

        andymemo wrote:

          • Use documented chrome workaround - This isn't an option, since 6.2.3 upgrade there is no 'accept warning and continue' option :(

    Although this is true, you can type "thisisunsafe" at that screen and it will allow you to bypass it. Chrome supports this as an option to override the warnings that they show. They do change the phrase from time to time, so keep that in mind.

Hello there,

I was searching for a solution for this same problem, FortiOS 6.2.4 and Chrome 83 on macOS Catalina and when getting the "invalid certificate" message, just typing "thisisunsafe" on the Chrome window jumps to the FortiGate login page.

"Knowledge is power"

fab138
New Contributor

Hi All

I'm new to the community. I submitted a ticket with Fortinet for this exact problem and the tech had no idea about it and performed all kinds of things to solve the problem. Celio, thanks for the "thisisunsafe" hint.

What I would like to know is if Fortinet has solved this problem yet? I'm running FortiOS 6.2.4 and the problem still exists. I assume known issue 597003 (https://docs.fortinet.com/document/fortigate/6.2.4/fortios-release-notes/289806/resolved-issues) is the problem we are running into, but I cannot find anywhere that this issue is addressed in any of the FortiOS 6.4.x releases.

localhost

I don't have this issue.. but replacing the certificate looks like a quick fix to me.

Run this on a Linux box:

    openssl req -x509 -sha256 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650

Import the certificate into the FortiGate and then change the HTTPS server certificate in the FortiGate GUI:

    System -> Settings -> Administration Settings -> HTTPS Server certificate
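
A scripted version of the steps in the post above, as an added example that is not part of the original thread: it runs the same openssl command non-interactively, adds a subjectAltName for the hostname (Chrome matches hostnames against the SAN, not the CN), and checks the key/certificate pair before import. The FQDN `fw.example.com`, the file names and the `KEY_PASS` variable are assumptions.

```bash
#!/bin/sh
# Added example, not from the original post. Assumptions: the FQDN, the file
# names and the KEY_PASS environment variable. Needs OpenSSL 1.1.1+ (-addext).
set -eu

# Non-interactive form of the post's command (RSA 2048, SHA-256, 3650 days).
# The private key is encrypted with the passphrase held in $KEY_PASS.
make_admin_cert() {
    fqdn=$1; dir=$2
    openssl req -x509 -sha256 -newkey rsa:2048 -days 3650 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" -passout env:KEY_PASS \
        -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn"
    chmod 600 "$dir/key.pem"
}

# SHA-256 fingerprint, to compare with what the browser shows after import.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Pre-import checks: key matches cert, name matches, not about to expire.
check_admin_cert() {
    fqdn=$1; dir=$2
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/key.pem" -passin env:KEY_PASS -pubout 2>/dev/null \
        | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: key.pem does not match cert.pem"; return 1; }
    openssl x509 -in "$dir/cert.pem" -noout -checkhost "$fqdn" | grep -q "does match" \
        || { echo "FAIL: certificate does not name $fqdn"; return 1; }
    openssl x509 -in "$dir/cert.pem" -noout -checkend 2592000 >/dev/null \
        || { echo "FAIL: certificate expires within 30 days"; return 1; }
    echo "OK: $fqdn $(cert_fingerprint "$dir/cert.pem")"
}

# Usage: KEY_PASS=... sh make-cert.sh fw.example.com [output-dir]
if [ "$#" -ge 1 ]; then
    make_admin_cert "$1" "${2:-.}"
    check_admin_cert "$1" "${2:-.}"
fi
```

Keep the printed fingerprint: when the browser warns about the self-signed certificate on the WAN address, comparing it with the fingerprint in the browser's certificate viewer confirms the warning is for this certificate and not a different one.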
