kunde
New Contributor

SSL VPN with iOS and Azure SSO - wildcard certificate?

Hello

We have a FortiGate 100E and were able to make an SSL VPN connection from iOS with the app, using Azure SSO authentication.

But at the moment it is not working. I guess since an iOS update.

We are using a wildcard cert for the SSL VPN on the 100E.

Could it be that iOS is not accepting a wildcard cert and I need to switch to a single one?

Error is "Untrusted Connection This Connection is untrusted. press OK to continue" - on pressing OK, nothing happens.


Thank you.

David

adambomb1219
Contributor III

Does the iOS device trust the CA and intermediate CAs that signed the certificate? Is this a public or private CA? Why use a wildcard at all?

kunde

Yes, it is trusted. It is public.

Why should I not want to use a wildcard cert?

Because I already bought it, and it is easier to manage one instead of multiple.

In the meantime I asked Fortinet Support.

They told me that the "latest" iOS version that is supported by the FortiClient app is 14.

https://docs.fortinet.com/document/forticlient/7.0.0/ios-administration-guide/394867

I think this is crazy, I cannot believe it.

adambomb1219

That is correct. I suspect this is due to all of the security changes Apple has made in versions since iOS 14 (mainly certificate trust/use!). VPN, certificates, etc. are notoriously difficult for mobile devices. This is especially true when you aren't using an MDM.
