Most Liked Posts Recent Solutions
No Content Available

User Activity

The send-cert-chain attribute set to enable by default in the vpn ipsec phase1 configuration does not cause the CA certificate chain (unnecessary Root CA certificate plus Issuing SubCA certificate) to be included anymore in the IKE_AUTH response by t...
Irrespective whether the FortiGate server certificate is directly issued by a Root CA or by an Intermediate CA, the Root CA is always sent to the IPsec VPN client in the CERT payload of the IKE_AUTH response. This doesn't make any sense since no peer...
I'm enabling IKEv2 digital signatures with rsa-pss on a FortiGate VPN Gateway: config vpn ipsec phase1-interface edit "xyz" ... set digital-signature-auth enable set signature-hash-alg sha1 sha2-256 sha2-384 set rsa-signature-format pss nextendWhen t...
My Accepted Solutions
Kudos given to