Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
julianhaines
New Contributor

Remote users using VPN getting Invalid Certificate

Good day,

 

I am having an issue with users connected remotely to the office using FortiGate VPN, when connected any site the uses navigate to locally on their computer show certificate errors, for example the site www.google.co.uk gets a certificate issued by FortiGate issued to www.google.co.uk.

 

Do I have to import the FortiGate certificate to the remote users computer to get this working? the users are using their own computers and not on the company domain.

 

I am quite new to FortiGate and just learning.

 

Thanks

Julian

1 Solution
anikolov
Staff
Staff

Hello Julian,

 

You can also try to move from full inspection to certificate inspection or no inspection, but this will make some of the UTM features misfiring. If you are not using UTM, with no inspection you should not face certifcate errors. For example, the application control would not work appropriately and the web filter with no inspection won't work for https traffic.

 

Here is a manual (I picked 5.4 intentionally as it has more broad explanations):
https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/329138/preventing-certificate-warnings

 

Regards,

Aleksandar Nikolov

View solution in original post

2 REPLIES 2
anikolov
Staff
Staff

Hello Julian,

 

You can also try to move from full inspection to certificate inspection or no inspection, but this will make some of the UTM features misfiring. If you are not using UTM, with no inspection you should not face certifcate errors. For example, the application control would not work appropriately and the web filter with no inspection won't work for https traffic.

 

Here is a manual (I picked 5.4 intentionally as it has more broad explanations):
https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/329138/preventing-certificate-warnings

 

Regards,

Aleksandar Nikolov
julianhaines

Hello,

Thanks for the advice, I found that because the computers were not domain joined they did not get the Certificates added, I manually imported and its working.

 

I am setting up a system that will auto import the certificates for non domain computers that is secure.

 

Thanks

Top Kudoed Authors