Hi All
I face problem with one computer in my network, Internet not working in many sites and show me this message:
A root certificate for "Fortinet" is required but isn’t installed
I tried with google chrome, Internet explorer, and Edge .. But I face same problem in all browsers.
Any suggestion?
Thank you
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
solved
Do you mind sharing the fix?
Hello MichaelS,
This mostly happens when Deep Inspection is used in the firewall policy & if the Client does not recognize the certificate coming from the Fortigate. Can you elaborate more about the issue with firmware version, policy details, UTMs used etc.?
Best Regards,
Mohammed Ahmed
Hello - I am experiencing this same issue at 6.4.6 - can you tell us how you solved it? I have multiple people reporting this issue.
Thanks...
You need to download the root certificate from the FortiGate and install it on the endpoint's certificate store and mark it as trusted.
Ideally you install your own certificate from your own trusted PKI and do it that way.
Lots of good info here:
https://docs.fortinet.com/document/fortigate/7.0.6/administration-guide/122078/deep-inspection
And here: https://docs.fortinet.com/document/fortigate/7.2.0/best-practices/598577/ssl-tls-deep-inspection
Interesting, I wonder how this could have changed since my client had not done anything. All I did was an upgrade from 6.2.7 > 6.4.6 per the upgrade path.
Is it possible that the Cert. could have expired?
I do thank you for passing on this info. Certificates are not my strong suit.
Hello bigkeoni64,
I believe you are experiencing the issue as described here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Expiring-Let-s-Encrypt-Certificates/ta-p/1...
Known issue in 6.4.7: https://docs.fortinet.com/document/fortigate/6.4.7/fortios-release-notes/236526/known-issues - 750551
further check the website you are visiting, shows expired:
DST Root CA X3 - https://www.ssllabs.com/ssltest/analyze.html?d=corehotelsandresorts.com
Kindly visit the KB & apply the provided workarounds. The issue was fixed from 6.4.8, 7.0.4 & 7.2.0
Regards,
Mohammed Ahmed
We will be going to 6.4.8 > 6.4.9 tonight
It appears by going to flow-based instead of proxy-based on the policy did the trick for a work around.
Is there a reason why you wouldn't want to use flow based ALL the time?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.