Fortinet Community

kunde · ‎02-01-2023

Hello

We have a Fortigate 100E and were able to make ssl vpn from ios with the app with azure sso authentication.

But at the moment it is not working. I guess since an ios update.

We are using a wildcard cert for the sslvpn at 100E.

Could it be that ios is not accepting a wildcard cert and I need to switch to a single?

Error is "Untrusted Connection This Connection is untrusted. press OK to continue" - at ok, nothing happens.

Thank you.

David

adambomb1219 · ‎02-01-2023

Does the iOS device trust the CA and intermediate CA's that signed the certificate? Is this a public or private CA? Why use a wildcard at all?

kunde · ‎02-14-2023

Yes, it is trusted. It is a public.

Why should I not want to use a wildcard cert?

Because I already bought it, and it is easier to manage one instead of multiple.

In the meantime I asked Fortinet Support.

They told me that the "latest" iOS Version that is supported by Forticlient app is 14.

https://docs.fortinet.com/document/forticlient/7.0.0/ios-administration-guide/394867

I think this is crazy, I can not believe it.

adambomb1219 · ‎02-14-2023

That is correct. I suspect this due to all of the security changes Apple has made in versions since iOS 14 (mainly certificate turst/use!). VPN, certificates, etc are notoriously difficult for mobile devices. This especially true when you aren't using an MDM.

Fortinet Community

ssl vpn with ios and azure sso - wildcard certificate ?