Hi.
Upgraded to the latest available release for macOS (7.0.7.0245), but we're still unable to bypass expired certificate error.
Apparently, this is not an issue with Linux and Windows clients.
Is it possible to bypass it on macOS too?
thanks
20221219 09:32:59 [VPN:INFO] PacketTunnelProvider.swift:32 VPN provider: 0245
20221219 09:32:59 [VPN:INFO] PacketTunnelProvider.swift:38 Start tunnel.
20221219 09:32:59 [VPN:INFO] SSLVPNTunnel.swift:571 Tunnel connection state: CONNECTING
20221219 09:32:59 [VPN:DEBG] SSLVPNTunnel.swift:586 On has better path change
20221219 09:32:59 [VPN:DEBG] SSLVPNTunnel.swift:594 No better path
20221219 09:32:59 [VPN:EROR] SSLVPNTunnel.swift:36 Failed to bypass certificate. error : Error Domain=NSOSStatusErrorDomain Code=-67818 "“*.vpn.domain.it” certificate is expired" UserInfo={NSLocalizedDescription=“*.vpn.domain.it” certificate is expired, NSUnderlyingError=0x6000036ecfc0 {Error Domain=NSOSStatusErrorDomain Code=-67818 "Certificate 0 “*.vpn.domain.it” has errors: Certificate is not temporally valid;" UserInfo={NSLocalizedDescription=Certificate 0 “*.vpn.domain.it” has errors: Certificate is not temporally valid;}}}
20221219 09:32:59 [VPN:INFO] SSLVPNTunnel.swift:561 Tunnel connection state: CANCELLED
20221219 09:32:59 [VPN:EROR] SSLVPNTunnel.swift:457 Closed while starting, with error: certificateError
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
Have you tried installing the certificate in Keychain and mark it as trusted ?
Tried now: added to the macOS KeyChain, set it as trusted, restarted FortiClient VPN, but same error.
I found an open source alternative to the official FortiClient which works, and can accept the expired certificate:
Hi yetopen,
the only(!) valid solution to this problem is to replace the expired certificate.
Your VPN server (FortiGate) has that certificate and it expired. This has to be replaced. This is normal for certificates and a security measure.
If the certificate is expired, your client (or any others), do not connect as they refuse the connection and that should be expected.
A very temporary solution to this, if you really need to connect a single time to exchange the certificate, is to change your clients system time to before the date that it expired to.
If not sure where to read it - connect via browser to the same FQDN. You will also receive a warning. Bypass the certificate warning as much as possible and see the date of expiry. Change your MAC OS system time to before that date. Then you should be able to connect.
Best regards,
Markus
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.