| Description | This article describes how to solve one of the cases where PA does not communicate with the FortiNAC server. |
| Scope | FortiNAC v8.8.x, v9.1.x, v9.2.x, 9.4.x, FortiNAC-F v7.2.x. v7.4.x, v7.6.x,Persistent Agent v5.3.x, v9.4.x, v7.6.x |
| Solution |
In this case, indicators of this failure condition can be checked in the PA logs in the general.txt file.
The logs when the intermediate certificate is missing in FortiNAC would look like this:
2022-03-12 10:09:25 UTC :: SSL Certificate verification result: unable to get local issuer certificate
2022-03-12 10:09:25 UTC :: peer CommonName = fortinac.fortinet.lab
In this case, the root CA is installed correctly in the endpoint, and it trusts the PA server certificate, but the trust chain is not completed because of the missing intermediate certificate that comes with the server certificate.
This, in the end, will result in a distrusted condition, and the PA connection to the FortiNAC server will fail
Solution: In this case, the solution would be to upload again the server certificate alongside the intermediate certificate in one single step in the PA Target.
It is possible to add the intermediate certificate by simply selecting the 'Add Certificate' button. This will complete the certificate chain, and trust will be established among end stations and the FortiNAC server.
Note1. When the PA server certificate obtained from a CA comes along with an intermediate certificate. To check if the certificate has an intermediate certificate, it is necessary to check the path of the certificate in the certificate details itself.
Note2. There are cases when the server certificate comes directly from the root CA without passing through intermediate CA nodes. In this case, only the server certificate needs to be uploaded in FortiNAC, and the root certificate needs to be installed in the end stations.
Related documents: Guide: FortiNAC SSL Certificates Technical Tip: Troubleshooting the Persistent agent Troubleshooting Tip: Windows Persistent Agent logs |
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPresence
- FortiPortal
- FortiProxy
- FortiRecon
- FortiSRA
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
- Fortinet Community
- Knowledge Base
- FortiNAC
- Troubleshooting Tip: Persistent Agent not communic...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.