FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 190040
Description
Cannot scan or send messages to Persistent Agents after a new SSL certificate has been installed in NAC.

Unless security has been disabled on the agents, communication between the agents and NAC starts with an SSL handshake. This requires NAC to be secured with an SSL certificate. If the newly installed certificate does not include all the intermediate and root certificates, the Persistent Agent cannot validate the authenticity of the connection and fails to communicate.

Solution
Ensure the following:
1. All intermediate and root certificates have been installed. Refer to the related KB article below.
2. Verify the affected hosts have the appropriate root certificate installed. For instructions, refer to the related KB article below.
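
The failure described above can be reproduced offline with OpenSSL. This is an added example, not Fortinet's code: it builds a constructed root, intermediate and leaf certificate, then checks a leaf-only bundle and a leaf-plus-intermediate bundle against the root a host would trust. All names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: constructed three-tier test PKI; every name below is hypothetical.

# Build root -> intermediate -> leaf certificates in directory $1.
make_test_pki() {
    ( cd "$1" || exit 1
      cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
EOF
      openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
          -keyout root.key -out root.pem -subj "/CN=Constructed Root CA" -days 2
      for c in int leaf; do
          openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
              -keyout "$c.key" -out "$c.csr" -subj "/CN=constructed-$c.example"
      done
      openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
          -extfile pki.cnf -extensions v3_ca -out int.pem -days 2
      openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
          -extfile pki.cnf -extensions v3_leaf -out leaf.pem -days 2
    ) >/dev/null 2>&1
}

# $1 = root(s) the host trusts, $2 = server bundle (leaf first, then intermediates).
# Prints "complete" only if the leaf chains to a trusted root using the bundle alone.
chain_check() {
    if openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1; then
        echo complete
    else
        echo incomplete
    fi
}

d=$(mktemp -d) && make_test_pki "$d"
cat "$d/leaf.pem" "$d/int.pem" > "$d/full.pem"
echo "leaf only:           $(chain_check "$d/root.pem" "$d/leaf.pem")"
echo "leaf + intermediate: $(chain_check "$d/root.pem" "$d/full.pem")"
```

The same `chain_check` call works on a real bundle: pass the root certificate the hosts trust as the first argument and the PEM bundle installed on the server as the second.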

Related Articles

Technical Note: Identify missing SSL certificates via administration UI

Technical Note: Verify Trusted Certificate Authorities on Windows or Mac OSX
