Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

MacOS 12.6.2 - FortinetClient VPN - Do not Warn Invalid Server Certificate


I have a problem with Fortinet Client, despite setting "Do not Warn Invalid Server Certificate" the client does not connect.


The client does not show any error messages.


Here are some log lines (vpn-provider.log) that might be helpful.



20230113 11:14:25 [VPN:INFO] PacketTunnelProvider.swift:32 VPN provider: 0245
20230113 11:14:25 [VPN:INFO] PacketTunnelProvider.swift:38 Start tunnel.
20230113 11:14:25 [VPN:INFO] SSLVPNTunnel.swift:571 Tunnel connection state: CONNECTING
20230113 11:14:25 [VPN:DEBG] SSLVPNTunnel.swift:586 On has better path change
20230113 11:14:25 [VPN:DEBG] SSLVPNTunnel.swift:594 No better path
20230113 11:14:25 [VPN:EROR] SSLVPNTunnel.swift:36 Failed to bypass certificate. error : Error Domain=NSOSStatusErrorDomain Code=-67818 "“*” certificate is expired" UserInfo={NSLocalizedDescription=“*” certificate is expired, NSUnderlyingError=0x600003e6d290 {Error Domain=NSOSStatusErrorDomain Code=-67818 "Certificate 0 “*” has errors: Certificate is not temporally valid;" UserInfo={NSLocalizedDescription=Certificate 0 “*” has errors: Certificate is not temporally valid;}}}
20230113 11:14:25 [VPN:INFO] SSLVPNTunnel.swift:561 Tunnel connection state: CANCELLED
20230113 11:14:25 [VPN:EROR] SSLVPNTunnel.swift:457 Closed while starting, with error: certificateError




Thank you.

Community Manager
Community Manager

Hello Federico,


Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Anthony-Fortinet Community Team.
Community Manager
Community Manager

Hello Federico.


Did you already have a look into this guide:



Anthony-Fortinet Community Team.
New Contributor II

Yeah, I've been getting the same behavior here (12.6 Monterey, FortiClient VPN


TBH the solution from Fortigate is ridiculously complicated and not suitable to roll out to end users.  The easy solution that worked for me was just setup LetsEncrypt to issue a genuine certificate.  If the old ones need to be deleted, this was useful: 

New Contributor

Hello everybody,
thanks for the info,
I tried to follow the guide and all the advice,
however the VPN does not work from my Mac.
In the end I took a (Windows) Pc where the VPN works.
I'll trying stuff until it works later...

Top Kudoed Authors