Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: full isnpection problem
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
full isnpection problem
Hi
I have updated my FGT 200F to 7.6.3 version. from now on, full ssl inspection has many problems. it shows certificate error for some websites which was working well before and some times it bypasses all websites automatically. here is the error message for chatgpt : please help
net::ERR_CERT_DATE_INVALID Subject: chatgpt.com Issuer: FG200FT9044229 Expires on: Apr 30, 2025 Current date: Apr 30, 2025 PEM encoded chain: -----BEGIN CERTIFICATE----- MIIEIDCCAwigAwIBAgIUdrj1VYAKb+FPzB4q2HANTQTfVcIwDQYJKoZIhvcNAQEL BQAwgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH DAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZp Y2F0ZSBBdXRob3JpdHkxGTAXBgNVBAMMEEZHMjAwRlQ5MjI5MjA1ODExIzAhBgkq hkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTI1MDQwMzAwMTYwNFoX DTI1MDQzMDA1NDY1MVowFjEUMBIGA1UEAxMLY2hhdGdwdC5jb20wWTATBgcqhkjO PQIBBggqhkjOPQMBBwNCAARSTlz4/3zd7PcHph2Iwh0IgKNBtZHPkGl1IovCE4Qq BDlfa9Kx3S++x0WXdGBCPmx8bh9xp4/SlgeWq8kMUl0So4IBmzCCAZcwDgYDVR0P AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYD VR0OBBYEFOzB9eNk6df5NLKSqor+ttyRhjwrMCUGA1UdEQQeMByCC2NoYXRncHQu Y29tgg0qLmNoYXRncHQuY29tMBMGA1UdIAQMMAowCAYGZ4EMAQIBMIIBBQYKKwYB BAHWeQIEAgSB9gSB8wDxAHYAEvFONL1TckyEBhnDjz96E/jntWKHiJxtMAWE6+WG JjoAAAGV+Tg1UgAABAMARzBFAiEA0kPEvGJh67vllRBPfhhGLm784moI8AvkKKBG yU/DQRoCIHQuO8SLAytnkdxWERMU+rr3fDfg+O7klDYp+NYH76M1AHcAouMK5EXv va2bfjjtR2d3U9eCW4SU1yteGyzEuVCkR+cAAAGV+Tg1XgAABAMASDBGAiEAp+lp 4JFNQSaP4ZjX3qpB/gAaV9RvtzYqO1VcY9J/5foCIQDlurDn4NJAmxHzwvmSlqJq /Wek3+rD8+SXT0e1sk/uvjANBgkqhkiG9w0BAQsFAAOCAQEAePIKm7gD8gPhEa4D l9R+7txwY81YuENqd11ZNM1c4Hmb0e7xOKJKoaxyY27k8cjNjVG8A4EISAvg4t7Q VgZg679TLxZadwY9atiaFvw2PDr4baWY+GzBVYCWti+oFNJsCR/6HpSvuXGlms6J swYwLZKoNdYrCu9NFoH3nzEsXsF+nGa75Lv1LNikS+Od/rE9Qm5vakM6N6vp5BBJ LZiTPSuH0xiQlNemU4WLysKSfor+E5iHNpE7igOQgqRNdAqUsNx291eG82yFf6Co eTR8x1e2OPVyRyM1v4zarcY/bfikxL2ueSuyoRxMPNxPvimBzFHW0IqLehGwF6Ec en11vQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID5jCCAs6gAwIBAgIIS24Y0WDo0oswDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp dHkxGTAXBgNVBAMMEEZHMjAwRlQ5MjI5MjA1ODExIzAhBgkqhkiG9w0BCQEWFHN1 cHBvcnRAZm9ydGluZXQuY29tMB4XDTIzMTEyNzEzMzExMVoXDTMzMTEyNzEzMzEx MVowgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH DAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZp Y2F0ZSBBdXRob3JpdHkxGTAXBgNVBAMMEEZHMjAwRlQ5MjI5MjA1ODExIzAhBgkq hkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA3GT3j3iaTMzFWO1rF+Nu6bUZD4F4d8TYNKa2QcOnsGNx VdSvBI8gh4pR/LNJ1YKSlWLCjIf9Eg0KQMcx77eI3+onkO0erV2vZRrdxlnDZ09t Tk6IYLjOge5hhArLlWbCxYQGhf6E3K8lp+u8hsBN9rlZMvpsX+RgNcbgp8Rh3iKR sSyWRIBB7uyJADgStiiopquaVPdATsXZRfknj9ycFbSQzyVF+UxI5Ih2GNhMAVZX u5r8xUhgmU1tFkkKP2blEZvwSmMmdTSWdgNECrwMbyrqNXHgxUVEWjVvLR7w2kUq 2OV37mxb+lm8Ikq20IeuJJzdvX+W2jVItNk2Y0hCZQIDAQABoxAwDjAMBgNVHRME BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCw9An+o5jlORumuEbzOj3Q+47SnsoN VuJd0gXw9Y83DWKDhfhE5RE9/lnd/6+NGiK2n5NopO1ie/TTsVby/F/h69BZl1jN dl55TjMy/Ef3R4tpxZ1BRRROpc8yNd0NeEKcfnVqzC4EkvfGDWXATaNid2mEDmZx Rfno9jTyBia1O7CBOyQB9XNXyJeZQyk2S0jU23t1e4KdeJjBIEv5SegyKJcB/HJG R+221AoJzrxi/VcvFXkqEhqgloS2Uz3K1XqmNLiQOFbOvPErD3j9x5DrOHuRx2XY eIQsQBLmqtQLFPJ+wfKGYYOUwZAzA68ZrCvmU9H+xUBNm6zV6UimKfl1 -----END CERTIFICATE----- Certificate Transparency: SCT Google 'Argon2025h2' log (Embedded in certificate, Invalid signature) SCT Let's Encrypt 'Oak2025h1' (Embedded in certificate, Invalid signature)
Reza F.
Reza F.
Labels:
- Labels:
-
FortiGate
- « Previous
-
- 1
- 2
- Next »
17 REPLIES 17
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi
what should i do now? please keep me updated about the case.
Reza F.
Reza F.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi again,
after I rebooted the FGT, the problem solved. please indicate that on your ticket.
Reza F.
Reza F.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can confirm this issue, it is happening to me as well. My CA is still valid until 2033. However, the Fortigate does not renew Certificates for some websites after the first connect. Since those ssl inspection certificates are valid for 5 days, the issue takes some time to build up.
A diag test application wad 99 fixes the issue.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you elaborate on the
diag test application wad 99?
I had the impression that any "diag" command is read only, and only "config" or "execute" can change stuff. Was the command provided by the support team?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Usually you are correct. However, there are some exceptions like this one.
The command restarts the WAD Daemon, which is the Web Proxy process of FortiOS.
It is described here: https://community.fortinet.com/t5/FortiProxy/Technical-Tip-How-to-restart-the-WAD-process/ta-p/21278...
and in greater detail here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Overview-of-WAD-process-structure/ta-p/197...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This issue relates to the certificate manager feature change introduced in v7.6. The new option 'resigned-short-lived-certificate' feature is not working properly with certificate cache-timeout.
Please follow below KB for workaround:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-fix-ERR-CERT-DATE-INVALID-err...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are having the exact same issue as well. Has there been any response from TAC on this?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
If you FGT is on v7.6, This issue might be related to the certificate manager feature change introduced in v7.6. The new option 'resigned-short-lived-certificate' feature is not working properly with certificate cache-timeout.
Please follow below KB for workaround:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-fix-ERR-CERT-DATE-INVALID-err...
- « Previous
-
- 1
- 2
- Next »
Labels
-
FortiGate
10,590 -
FortiClient
2,157 -
FortiManager
889 -
5.2
687 -
FortiAnalyzer
681 -
5.4
638 -
FortiSwitch
584 -
FortiClient EMS
562 -
FortiAP
559 -
IPsec
420 -
6.0
416 -
SSL-VPN
376 -
FortiMail
372 -
5.6
362 -
FortiNAC
281 -
FortiWeb
252 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SD-WAN
192 -
FortiAuthenticator
173 -
FortiGuard
160 -
5.0
152 -
Firewall policy
144 -
FortiGate-VM
131 -
6.4
128 -
FortiCloud Products
116 -
FortiSIEM
113 -
FortiToken
112 -
FortiGateCloud
112 -
Wireless Controller
95 -
Customer Service
88 -
High Availability
86 -
FortiProxy
77 -
Routing
75 -
ZTNA
75 -
Fortivoice
73 -
SAML
71 -
DNS
71 -
VLAN
71 -
FortiEDR
69 -
FortiADC
68 -
BGP
67 -
Authentication
66 -
certificate
65 -
RADIUS
61 -
LDAP
60 -
fortilink
55 -
SSO
54 -
FortiSandbox
53 -
NAT
52 -
FortiExtender
51 -
4.0MR3
49 -
VDOM
47 -
Application control
45 -
FortiDNS
43 -
Interface
43 -
Logging
41 -
Virtual IP
39 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
FortiPAM
35 -
SSL SSH inspection
35 -
Web profile
35 -
FortiConnect
34 -
Automation
33 -
FortiWAN
31 -
FortiConverter
30 -
FortiGate v5.2
27 -
Traffic shaping
26 -
Static route
26 -
SNMP
25 -
API
25 -
SSID
25 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
FortiGate Cloud
23 -
System settings
22 -
OSPF
20 -
WAN optimization
20 -
FortiMonitor
19 -
Security profile
19 -
Web rating
19 -
Web application firewall profile
18 -
IP address management - IPAM
18 -
FortiSoar
17 -
FortiGate v5.0
16 -
FortiDDoS
16 -
FortiAP profile
16 -
Explicit proxy
15 -
Admin
15 -
Proxy policy
15 -
FortiCASB
14 -
IPS signature
14 -
Intrusion prevention
14 -
FortiManager v4.0
13 -
DNS filter
13 -
FortiManager v5.0
12 -
FortiDeceptor
12 -
NAC policy
12 -
users
12 -
Traffic shaping policy
12 -
Fabric connector
12 -
Port policy
12 -
FortiRecorder
11 -
FortiAnalyzer v5.0
10 -
FortiWeb v5.0
10 -
FortiBridge
10 -
Trunk
10 -
Traffic shaping profile
10 -
Authentication rule and scheme
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
RMA Information and Announcements
9 -
Antivirus profile
9 -
FortiCache
8 -
FortiToken Cloud
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
Application signature
7 -
VoIP profile
7 -
Vulnerability Management
7 -
FortiScan
6 -
FortiCarrier
5 -
FortiNDR
5 -
FortiTester
5 -
DLP profile
5 -
DLP sensor
5 -
DoS policy
5 -
Email filter profile
5 -
Protocol option
5 -
Cloud Management Security
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiDB
3 -
FortiHypervisor
3 -
Kerberos
3 -
File filter
3 -
Multicast policy
3 -
FortiEdge Cloud
3 -
FortiInsight
2 -
FortiAI
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
Lacework
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiSASE
1 -
Virtual wire pair
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2588 | |
| 1380 | |
| 796 | |
| 658 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.