Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Federico
New Contributor

MacOS 12.6.2 - FortinetClient VPN 7.0.7.0245 - Do not Warn Invalid Server Certificate

Hello,

I have a problem with Fortinet Client, despite setting "Do not Warn Invalid Server Certificate" the client does not connect.

 

The client does not show any error messages.

 

Here are some log lines (vpn-provider.log) that might be helpful.

 

 

20230113 11:14:25 [VPN:INFO] PacketTunnelProvider.swift:32 VPN provider: 0245
20230113 11:14:25 [VPN:INFO] PacketTunnelProvider.swift:38 Start tunnel.
20230113 11:14:25 [VPN:INFO] SSLVPNTunnel.swift:571 Tunnel connection state: CONNECTING
20230113 11:14:25 [VPN:DEBG] SSLVPNTunnel.swift:586 On has better path change
20230113 11:14:25 [VPN:DEBG] SSLVPNTunnel.swift:594 No better path
20230113 11:14:25 [VPN:EROR] SSLVPNTunnel.swift:36 Failed to bypass certificate. error : Error Domain=NSOSStatusErrorDomain Code=-67818 "“*.omissis.net” certificate is expired" UserInfo={NSLocalizedDescription=“*.omissis.net” certificate is expired, NSUnderlyingError=0x600003e6d290 {Error Domain=NSOSStatusErrorDomain Code=-67818 "Certificate 0 “*.omissis.net” has errors: Certificate is not temporally valid;" UserInfo={NSLocalizedDescription=Certificate 0 “*.omissis.net” has errors: Certificate is not temporally valid;}}}
20230113 11:14:25 [VPN:INFO] SSLVPNTunnel.swift:561 Tunnel connection state: CANCELLED
20230113 11:14:25 [VPN:EROR] SSLVPNTunnel.swift:457 Closed while starting, with error: certificateError

 

 

 

Thank you.

4 REPLIES 4
Anthony_E
Community Manager
Community Manager

Hello Federico,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello Federico.

 

Did you already have a look into this guide:

 

https://docs.fortinet.com/document/forticlient/7.0.7/macos-release-notes/223986/special-notices

 

Regards,

Anthony-Fortinet Community Team.
username12345
New Contributor II

Yeah, I've been getting the same behavior here (12.6 Monterey, FortiClient VPN 7.0.7.0245)

 

TBH the solution from Fortigate is ridiculously complicated and not suitable to roll out to end users.  The easy solution that worked for me was just setup LetsEncrypt to issue a genuine certificate.  If the old ones need to be deleted, this was useful:

 

https://community.fortinet.com/t5/Support-Forum/Delete-certificate/td-p/81775 

Federico
New Contributor

Hello everybody,
thanks for the info,
I tried to follow the guide and all the advice,
however the VPN does not work from my Mac.
In the end I took a (Windows) Pc where the VPN works.
I'll trying stuff until it works later...

Labels
Top Kudoed Authors