Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Kafort
New Contributor

VM edition and HTTPS

Hello, For testing, I am using the Fortigate VM edition but I have an issue with HTTPS or SSH (all works with HTTP). Here the message of Firefox:
 An error occurred during a connection to 192.168.2.200.
 
 Cannot communicate securely with peer: no common encryption algorithm(s).
 
 (Error code: ssl_error_no_cypher_overlap)
 
 
   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
 
Here the message of SSH:
 ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
 key_verify failed for server_host_key
 
Do you know how I can change the certificate? Regards
6 REPLIES 6
Matthijs
New Contributor II

Try this in the cli config system global set strong-crypto disable end
Kafort

Try this in the cli config system global set strong-crypto disable end
Thank you but it seems to be a workaround. Do you know how to change the certificate?
Nickesh_k

In FGT-VM trial v7.2.3 couldn't find that option in the config system global.

 

Cheers,
Nikesh
Cheers,Nikesh
proberts
New Contributor

Regarding SSH - our way around that was to use putty which is more tolerable.
mbrowndcm
New Contributor III

So, you have a CA that you wish to grant a certificate for a certificate request generated by the Fortigate unit? That is, you can' t just obtain the certificate from the site, then just install it to the certificate store of firefox? On the Fortigate unit: system>Certificate>Local Certificates>Generate... this will generate a certficate request that you can submit to a CA. Then import through Local Certificates If you want to add a CA certificate as trusted, say if you wish to have any certificate granted by that CA to be trusted by the Fortigate: system>Certificate>CA certificates> Import If you want to configure a Certificate you' ve imported to be used to secure HTTPS web site admin sessions:
 config system global
   set admin-server-cert
 
See CLI reference:
 admin-server-cert {self-sign | <certificate>}
 Select the admin https server certificate to use. Choices include
 self-sign, and the filename of any installed certificates. Default
 setting is Fortinet_Factory, if available, otherwise selfsign.
" …you would also be running into the trap of looking for the answer to a question rather than a solution to a problem." - [link=http://blogs.msdn.com/b/oldnewthing/archive/2013/02/13/10393162.aspx]Raymond Chen[/link]
" …you would also be running into the trap of looking for the answer to a question rather than a solution to a problem." - [link=http://blogs.msdn.com/b/oldnewthing/archive/2013/02/13/10393162.aspx]Raymond Chen[/link]
Diabolicus23
New Contributor

Solved! You have to use an old version of Firefox. Use, as example, Firefox 2.0.0.20 and, in about:config, set security.ssl3.rsa_rc4_40_md5 as true Now you will be able to access via https. With trial version the certificate is RSA SHA1 512 bits and this certificate is not supported in recent browser version. Attention, you must use an old version (I think 18 and older).
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors