FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 193845

Description


Persistent Agent pops up with a message similar to the following:

Certificate Error
The computer at ns500.company.com is using a self-signed certificate with common name ns500.company.com  ...

It is impossible to verify the identity of the computer.  Information about your computer could be sent to another computer pretending to be ns500.company.com.

Continue to connect to ns500.company.com?



Persistent Agent version 3.x (and above) requires a third-party SSL certificate to be installed. The error indicates that a self-signed certificate is installed for Persistent Agent communication. This can be confirmed by navigating to System > Settings > Certificate Management in the Administration UI.


Scope


Version: Persistent Agent 3.x and above.


Solution

 

Workaround: The security mode can be disabled in the Registry if Windows agents are distributed via software. With the security mode disabled, SSL certificates do not need to be installed on Network Sentry. For details on Persistent Agent deployment and configuration, refer to the Fortinet Document Library.
 
 
Solution: Install a third-party SSL certificate for the Persistent Agent target using the Administrative UI. For instructions on creating and installing SSL certificates, refer to the Fortinet Document Library.
 
Note:
Starting with version 5.3, agents no longer support unsecured communication over UDP 4567. Self-signed certificate use is possible, but not recommended or supported.