If the browser shows a hostname like Some.Authpage.com/FGTAUTH? then you need to match the text.

Adrian, I have changed the captive portal address via CLI to use an address which matches the wildcard cert *.xxx. Then on the local DNS put an entry in for this to point to the interface IP. This should then work. When you say what is the exact error, the error is a certificate error.
I am facing this issue. I have a COMODO CA public cert for authpage.mydomain.com, and this DNS name points to the LAN IP of the FortiGate. When I try to access https://google.com for the first time from an unauthenticated client, it redirects and throws a warning, and I guess in Google Chrome it refuses to proceed.
One of the workarounds, as I understand it, is to use a wildcard certificate for mydomain.com instead of authpage.mydomain.com. Will this prevent the warning, or is it not going to help?
Any other workaround?
What if I want to force the user to a specific HTTP site for the first time in the day? HTTP sites go through the auth page without any warning. Once the user is authenticated, he can go to any site.
Hi All,
I know this issue happened a while back. But I recently ran into the same thing and wanted to let you know how I resolved this.
1. You will first need to have a trusted SSL Certificate.
Gather this certificate and install it to the Fortigate.
System > Certificates > Upload Local and then CA Certificate.
2. Added a DNS entry to the server that will point to the Fortigate and the SSL certificate installed, for example disclaimer.mydomain.com
For a quick test to confirm the certificate is working properly you can change the admin-cert to the trusted cert you installed by going to System > Administrators > Settings > Change Certificate to your specified cert name.
Now on a PC local to the domain go to the DNS entry you added. You should now be able to reach the firewall without getting an untrusted page.
The next steps you will be following are all inside the Fortigate.
3. Open up the CLI of the fortigate and run
config firewall policy
edit 9 (this number represents the policy ID you will be using to redirect users to a disclaimer for authentication)
set auth-redirect-addr disclaimer.mydomain.com
set auth-cert (your specified cert name)
end
**** If you have multiple policies setup for disclaimer I would recommend running those commands for each Policy ID****
4. Open up the GUI of the fortigate and browse to
User and Device > Authentication > Settings > Certificate (Your specified cert name)
You should now be complete. Test and you should see that your PC redirects to the address you had chosen and has the trusted certificate as well.
Hope this helps.
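An offline check of the name matching that the steps above depend on, as an added example that is not part of the original post or of Fortinet's tooling: it tests whether each policy's auth-redirect-addr is covered by the names in its auth-cert, using the single-label wildcard rule browsers apply. The policy list, the certificate name portal-cert and its SAN entries are constructed sample values.

```python
# Added example. All policies, names and SAN entries below are constructed samples.

def name_matches(hostname: str, pattern: str) -> bool:
    """Match one DNS name against one certificate dNSName entry.

    A wildcard is honoured only as the complete left-most label and
    stands for exactly one label.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Reject over-broad patterns such as "*.com".
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def cert_covers(hostname: str, san_names: list) -> bool:
    """True if any SAN entry of the certificate matches the hostname."""
    return any(name_matches(hostname, p) for p in san_names)


def audit_policies(policies: list, cert_sans: dict) -> dict:
    """Return {policy_id: problem} for policies whose redirect address
    is missing or not covered by the certificate named in auth-cert."""
    problems = {}
    for p in policies:
        addr = p.get("auth-redirect-addr")
        cert = p.get("auth-cert")
        if not addr:
            problems[p["id"]] = "no auth-redirect-addr set"
        elif not cert_covers(addr, cert_sans.get(cert, [])):
            problems[p["id"]] = f"{addr} not covered by {cert}"
    return problems


# Hypothetical certificate name mapped to its SAN entries (constructed).
CERT_SANS = {"portal-cert": ["*.mydomain.com"]}

# Constructed policy settings mirroring the CLI fields used in step 3.
POLICIES = [
    {"id": 9, "auth-redirect-addr": "disclaimer.mydomain.com", "auth-cert": "portal-cert"},
    {"id": 12, "auth-redirect-addr": "portal.guest.mydomain.com", "auth-cert": "portal-cert"},
    {"id": 15, "auth-cert": "portal-cert"},
]

if __name__ == "__main__":
    for policy_id, problem in audit_policies(POLICIES, CERT_SANS).items():
        print(f"policy {policy_id}: {problem}")
```

The same matcher also shows that the bare domain and any name two labels below it fall outside a `*.mydomain.com` certificate.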
@NSGuru thanks for the explanation.
You say "Test" at the end. How do you test? If you test with, for example, https://www.google.com, do you then get it to work without certificate warnings?
Quoted: NSGuru, Re: SSL Certificate Issue when using HTTPS redirect on Captive portal, Thursday, August 04, 2016 5:14 AM