Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nmichael
Staff
Staff

Created on ‎09-11-2017 02:51 AM

Article Id 194669

Technical Note: SSL warning with invalid CN error for internal CP authentication on FortiGate

Description
When a user connects to a wireless network with internal captive portal authentication, the device is redirected to url: https://x.x.x.x:1003. Since FortiGate is installed with standard certificate, the user is presented with an SSL warning error of using invalid common name because it does not match the IP address of the captive portal server (or FortiGate).

nmichael_FD40682_tn_FD40682-1.jpg

Scope
All versions.

Solution
This error can be avoided only by redirecting the wireless users to  a Url that includes the FQDN of the FortiGate; instead of the FortiGate IP address. https://<FQDN>:1003

This can be implemented with the following commands:

#config firewall auth-portal
#set portal-addr <FGT FQDN>
#end

Ensure also that there is a DNS resolution entry in the DNS server for the FQDN name with the FortiGate IP address.

Labels:
4010
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.