VM edition and HTTPS
Hello,
For testing, I am using the Fortigate VM edition but I have an issue with HTTPS or SSH (all works with HTTP).
Here is the message from Firefox:
An error occurred during a connection to 192.168.2.200. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Here is the message from SSH:
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key
Do you know how I can change the certificate?
Regards
6 REPLIES
Try this in the cli
config system global
set strong-crypto disable
end
> Try this in the cli
> config system global
> set strong-crypto disable
> end
Thank you, but it seems to be a workaround. Do you know how to change the certificate?
In FGT-VM trial v7.2.3, I couldn't find that option in config system global.
Cheers,
Nikesh
Regarding SSH - our way around that was to use PuTTY, which is more tolerable.
So, you have a CA that you wish to grant a certificate for a certificate request generated by the Fortigate unit?
That is, you can't just obtain the certificate from the site, then just install it to the certificate store of Firefox?
On the Fortigate unit:
system>Certificate>Local Certificates>Generate... this will generate a certificate request that you can submit to a CA.
Then import through Local Certificates.
If you want to add a CA certificate as trusted, say if you wish to have any certificate granted by that CA to be trusted by the Fortigate:
system>Certificate>CA certificates> Import
If you want to configure a certificate you've imported to be used to secure HTTPS web site admin sessions:
config system global
set admin-server-cert <certificate>
end
See CLI reference:
admin-server-cert {self-sign | <certificate>}
Select the admin https server certificate to use. Choices include self-sign, and the filename of any installed certificates. Default setting is Fortinet_Factory, if available, otherwise selfsign.
"…you would also be running into the trap of looking for the answer to a question rather than a solution to a problem." - Raymond Chen (http://blogs.msdn.com/b/oldnewthing/archive/2013/02/13/10393162.aspx)
Solved!
You have to use an old version of Firefox.
Use, as an example, Firefox 2.0.0.20 and, in about:config, set security.ssl3.rsa_rc4_40_md5 to true.
Now you will be able to access via https.
With the trial version, the certificate is RSA SHA1 512 bits, and this certificate is not supported in recent browser versions.
Attention, you must use an old version (I think 18 and older).
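
Added example (not part of the thread, and not Fortinet or OpenSSH code): the SSH error in the first post is a key-size check on the server's ssh-rsa host key. The sketch below reproduces that check on "host keytype base64" lines in the format ssh-keyscan prints. The function names are hypothetical and the sample key lines are constructed placeholders, not real RSA keys; the 768-bit minimum is the one quoted in the error message.

```python
import base64
import struct

MIN_RSA_BITS = 768  # minimum quoted in the SSH error in the first post

def _read_string(buf, off):
    """Read one SSH 'string': 4-byte big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated field body")
    return buf[off:off + n], off + n

def rsa_modulus_bits(blob):
    """Return the modulus size in bits of an ssh-rsa public key blob."""
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key: %r" % ktype)
    _e, off = _read_string(blob, off)   # public exponent (mpint), unused here
    n, off = _read_string(blob, off)    # modulus (mpint, may carry a leading 0x00)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    return int.from_bytes(n, "big").bit_length()

def check_line(line, minimum=MIN_RSA_BITS):
    """Check one 'host keytype base64' line; returns (host, bits, verdict)."""
    host, ktype, b64 = line.split()[:3]
    if ktype != "ssh-rsa":
        return host, None, "skipped (%s)" % ktype
    bits = rsa_modulus_bits(base64.b64decode(b64, validate=True))
    if bits >= minimum:
        return host, bits, "ok"
    return host, bits, "too small: %d < minimum %d bits" % (bits, minimum)

def _mpint(value):
    """Encode a positive integer as an SSH mpint (used only for sample data)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_sample_line(host, bits):
    """Constructed key line; the modulus only has the right size, it is not a real key."""
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return "%s ssh-rsa %s" % (host, base64.b64encode(blob).decode())

if __name__ == "__main__":
    for sample in (make_sample_line("192.168.2.200", 512),
                   make_sample_line("192.0.2.10", 2048)):
        print(check_line(sample))
```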
