Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Network error. Can not connect to vpn server- SSL VPN error on big sur

We are getting "Network error. Can not connect to vpn server"  error while connecting SSL VPN on Big sur os.   We are using FortiGate AZUREONDEMAND firewall with  v6.4.2 build1723 (GA).

am experiencing the same error, however the solution provided is not working on the Mac

New Contributor

Getting this too on MacOS 12.6 (Monterey), FortiClient VPN 7.0.7.  The FortiGate is a 60-E running firmware 7.0.6.  No problems connecting to the same server using VPN Client 6.0.1 on Windows 10.  


The main thing that's throwing me off is the "Do not warn invalid certificate" option basically doesn't work for newer Macs.  So, the certificate must be valid.  I got a LetEncrypt cert, installed that, used a hostname that matched the cert, and now it can connect fine.  


One thing to watch out for with the cert is it needs to include the chain.  For LetEncrypt/CertBot, this is the 'fullchain.pem' file.  



I experienced the same issue on MacOS 13.1, Forticlient VPN 7.0.7, connecting to a FortiGate with invalid certificate. I was able to solve the issue without having to use a valid certificate.

First you need to download the certificate:

openssl s_client -connect {HOSTNAME}:{PORT} </dev/null 2>/dev/null|openssl x509 -outform PEM >mycertfile.pem

Afterwards, import the pem file in your keychain:

security import mycertfile.pem -k ~/Library/Keychains/login.keychain

 Then, using keychain access, open the certificate and edit the trust settings:

Screenshot 2023-02-28 at 09.02.27.png


To troubleshoot this yourself if you have this error, try eliminate the client as the issue by accessing the web portal through a web browser via where x is your IP and y is your port. Updating FortiClient to the newest version resolved the issue.



Rachel Gomez

New Contributor

Yes, there seems to be different behavior after upgrading FortiGate VPN client from 7.0.7 to 7.0.8.  I get a one-time warning about the certificate, and after that, can connect fine without warning.  Oddly, the "Do not Warn Invalid Server Certificate" checkbox always seems to remain unchecked.  


Oh well, I guess this is progress.

Top Kudoed Authors