What is the name of the domain?
What is the issue you’re encountering
FortiClient’s inability to trust the SSL certificate being used by the FortiGate VPN or other Fortinet systems.
What steps have you taken to resolve the issue?
None yet… Looking for possible solutions?
Problem:
SSL Certificate Warning: When users are logging in remotely, their devices are receiving warnings because the SSL certificate used by the FortiGate device isn’t trusted by their browser or operating system. This might happen with self-signed certificates or certificates issued by an untrusted certificate authority.
Managed Certificate Issue: Since you’re using a managed SSL certificate (such as one managed by a hosting provider or another service), you can’t directly access or provide the certificate to Fortinet for installation.
Possible Solutions:
- Obtain the Root or Intermediate CA Certificate
If the SSL certificate is from a managed service, it’s likely that the certificate chain includes a root certificate or intermediate certificate issued by a CA. Here’s what you can do:
Ask for the CA certificate from your managed provider. While you may not have access to the SSL certificate itself, most CAs provide the root and intermediate certificates publicly (these are typically found on the CA’s website).
Provide the CA certificate to the Fortinet team. Once they install the root and/or intermediate CA certificate into their FortiGate device, the security warnings should disappear. The certificate chain will be validated correctly, and users will no longer see warnings.
- Configure FortiGate to Use a Trusted SSL Certificate
If the Fortinet team has access to the certificate store on the FortiGate:
Install a trusted SSL certificate from a public certificate authority (CA). If your FortiGate is using a self-signed certificate, replacing it with a trusted SSL certificate (from a CA like Let’s Encrypt, DigiCert, or others) will solve the issue.
Request a custom certificate from the managed provider: If possible, reach out to your managed service provider and ask if they can generate a custom SSL certificate for your Fortinet setup. This way, the certificate can be installed directly on the FortiGate device without compatibility issues.
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full
What are the steps to reproduce the issue?
SSL/TLS encryption
Current encryption mode:
Full
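
An added example, not part of the original post: the chain-validation behaviour behind the warning described above, reproduced offline with a throwaway root CA, intermediate CA and server certificate. Every certificate and file name is constructed for the demo, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Constructed demo: throwaway root CA -> intermediate CA -> server certificate.
# Every name here (Demo Root CA, vpn.example.test, file names) is made up.

write_cnf() {   # minimal OpenSSL config so the demo does not rely on system defaults
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:vpn.example.test
EOF
}

# issue NAME SUBJECT EXT_SECTION SIGNER DIR: create key + CSR, then sign with SIGNER
issue() {
    openssl req -new -config "$5/demo.cnf" -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$5/$1.key" -out "$5/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$5/$1.csr" -CA "$5/$4.pem" -CAkey "$5/$4.key" \
        -set_serial 1 -days 2 -extfile "$5/demo.cnf" -extensions "$3" \
        -out "$5/$1.pem" 2>/dev/null
}

build_demo_chain() {   # DIR: writes root.pem, int.pem and leaf.pem into DIR
    write_cnf "$1" &&
    openssl req -x509 -config "$1/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 2 -subj "/CN=Demo Root CA" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    issue int  "/CN=Demo Intermediate CA" v3_ca   root "$1" &&
    issue leaf "/CN=vpn.example.test"     v3_leaf int  "$1"
}

# verify_leaf DIR with|without: trust only the root, optionally supply the intermediate
verify_leaf() {
    if [ "$2" = with ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem"
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem"
    fi
}

demo_dir=$(mktemp -d) && build_demo_chain "$demo_dir" && {
    verify_leaf "$demo_dir" without || echo "without intermediate: chain incomplete"
    verify_leaf "$demo_dir" with    && echo "with intermediate: chain validates"
}
rm -rf "$demo_dir"
```

The failing case reports "unable to get local issuer certificate", the same class of error a client raises when the intermediate is neither sent by the server nor present in the client's store.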