Hello,
I have a problem with Fortinet Client, despite setting "Do not Warn Invalid Server Certificate" the client does not connect.
The client does not show any error messages.
Here are some log lines (vpn-provider.log) that might be helpful.
20230113 11:14:25 [VPN:INFO] PacketTunnelProvider.swift:32 VPN provider: 0245
20230113 11:14:25 [VPN:INFO] PacketTunnelProvider.swift:38 Start tunnel.
20230113 11:14:25 [VPN:INFO] SSLVPNTunnel.swift:571 Tunnel connection state: CONNECTING
20230113 11:14:25 [VPN:DEBG] SSLVPNTunnel.swift:586 On has better path change
20230113 11:14:25 [VPN:DEBG] SSLVPNTunnel.swift:594 No better path
20230113 11:14:25 [VPN:EROR] SSLVPNTunnel.swift:36 Failed to bypass certificate. error : Error Domain=NSOSStatusErrorDomain Code=-67818 "“*.omissis.net” certificate is expired" UserInfo={NSLocalizedDescription=“*.omissis.net” certificate is expired, NSUnderlyingError=0x600003e6d290 {Error Domain=NSOSStatusErrorDomain Code=-67818 "Certificate 0 “*.omissis.net” has errors: Certificate is not temporally valid;" UserInfo={NSLocalizedDescription=Certificate 0 “*.omissis.net” has errors: Certificate is not temporally valid;}}}
20230113 11:14:25 [VPN:INFO] SSLVPNTunnel.swift:561 Tunnel connection state: CANCELLED
20230113 11:14:25 [VPN:EROR] SSLVPNTunnel.swift:457 Closed while starting, with error: certificateError
Thank you.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Federico,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello Federico.
Did you already have a look into this guide:
https://docs.fortinet.com/document/forticlient/7.0.7/macos-release-notes/223986/special-notices
Regards,
Yeah, I've been getting the same behavior here (12.6 Monterey, FortiClient VPN 7.0.7.0245)
TBH the solution from Fortigate is ridiculously complicated and not suitable to roll out to end users. The easy solution that worked for me was just setup LetsEncrypt to issue a genuine certificate. If the old ones need to be deleted, this was useful:
https://community.fortinet.com/t5/Support-Forum/Delete-certificate/td-p/81775
Hello everybody,
thanks for the info,
I tried to follow the guide and all the advice,
however the VPN does not work from my Mac.
In the end I took a (Windows) Pc where the VPN works.
I'll trying stuff until it works later...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.