FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff
Article Id 194138
Description
Configure Browser to Trust Self-Signed Certificate

Scope
Version: All
Solution
Version:  All


Issue:  Browser displays certificate error after installing Self-Signed SSL Certificate in Network Sentry for Admin UI Certificate Target.


Solution:  In order for the browser to trust the Self-Signed certificate, the certificate must be imported or added as an exception.

1.  Export the certificate.  There are various methods to do this.
Note:  Exporting the certificate may not be possible with Internet Explorer.

FireFox:  
To export certificate to use for other browsers:
a.  Browse to https://<appliance name>:8443
The message "Your connection is not secure" displays.
b.  Click the padlock or "i" next to the URL
c.  Click the > next to the host name
d.  Click More Information
e   Under the Details tab click the Export button.
f.   Save as PEM.


Network Sentry appliance CLI:
a.  SSH to the Network Sentry Server or Control Server and type
echo -n | openssl s_client -connect <appliance name>:8443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > server.cert

Example:
echo -n | openssl s_client -connect qa6-74.bradfordnetworks.com:8443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > server.cert
depth=0 CN = qa6-74.bradfordnetworks.com
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = qa6-74.bradfordnetworks.com
verify return:1
DONE


b.  ftp or scp file to desired location.
ftp <destination ip or name>
scp server.cert root@<location>:/<path>





2.  Import the certificate to the browser.

FireFox
a.  Browse to https://<appliance name>:8443
The message "Your connection is not secure" displays.
b.  Click Advanced
c.  Click Add Exception
d.  Click Confirm Security Exception
e.  Close the browser completely and reopen.


Internet Explorer (IE):
a.  Browse to https://<appliance name>:8443
b.  Under start menu, in search bar type certmgr.msc.
c.  Navigate to folder Trusted Root Certification AuthoritiesCertificates.
d.  Click Action > All Tasks > Import
e.  Browse and select the filename of the certificate.
f.   Click Open
g.  Click Next
h.  Ensure Place all certificates in Certificate store Trusted Root Certification Authorities is selected
i.   Click Next
j.   Click Finish
k.  When prompted to install certificate, click Yes
"The import was successful" should display.
l.   Close the browser completely and reopen. 

The URL should now display as secure.


Contributors