Hi all

Most of our FortiAP-423E(>10pcs) are not reachable over https anymore(ssh works fine). The AP responds with "internal error".

from Wireshark:

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
    TLSv1.2 Record Layer: Handshake Protocol: Certificate
    TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Internal Error (80)

When i try to fetch the certificate from the AP, the AP doesn't offer any ciphers(full output attached):

---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1608465143
    Timeout : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
--- 

Model and Firmware: FortiAP-423E v6.2,build0290,200513 (GA)

Can anyone help with this problem? Is there a way to recreate the AP-Certificate?

thanks,

shrank