FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff
Article Id 190632

Description
SSL certificates are not installed properly when using the Administration UI.  When applying certificates under System > Settings > Security > Certificate Management, there are no errors generated (as if certificates installed correctly).  However, old certificate information is displayed when browsing to Captive Portal.


Scope
Version: 8.5.0, 8.5.1 and 8.5.2

Solution

Workaround:  Contact Support for assistance.
 
Solution:  To be addressed in a future release.
 
Additional symptoms:
  • Under /bsc/siteConfiguration/apache_ssl n the Application server, certificate files show "root" as the owner, and the dates are not updated to reflect the time of certificate installation. 
Example (installed new certificate in August):
root@acorn1:/bsc/siteConfiguration/apache_ssl
> ll
total 32
4 -rw-r--r-- 1 root root 887 Apr 24 16:43 server.csr
4 -rw-r--r-- 1 root root 1675 Apr 24 16:43 selfsigned.key.orig
4 -rw-r--r-- 1 root root 1675 Jun 4 11:38 selfsigned.key
4 -rw-r--r-- 1 root root 1346 Jun 4 11:38 selfsigned.crt
4 -rw-r--r-- 1 root root 1675 Jun 4 12:02 server.key
4 -rw-r--r-- 1 root root 1891 Jun 4 12:02 server.crt
8 -rw-r--r-- 1 root root 4795 Jun 4 12:02 server.ca-bundle


  • /bsc/logs/output.nessus log in Application Server printsthe following message:
java.io.FileNotFoundException: /bsc/siteConfiguration/apache_ssl/server.key (permission denied)
 
Workaround:
1. Change owner to nac:root.  In Application Server CLI, type

cd /bsc/siteConfiguration/apache_ssl

chown nac:root ./*
 
2.   Re-install the certificate files again from the Administration UI
 
 

 

Contributors