Technical Note: Certificate warning when connecting to SSLVPN from Linux devices
This article provides guidance for dealing with certificate warnings when connecting to SSLVPN from Linux devices.
FortiClient SSLVPN for Linux does not use default OS trust, but checks for trusted certificates in its own repository.
It is possible to add certificates to the FortiClient repository:
Create "/root/.fctsslvpn_trustca" directory (or in the home directory of the user running it) and copy to it all CA certificates (all intermediate and root CAs) in PEM
A further method would be to link the Linux certificate store to the .fctsslvpn_trustca directory. The actual command depends on the Linux distribution. It should be noted that this method is provided "as is", and is not supported by Fortinet.
Alternatively, disable the server certificate trust check completely: check "Do not warn about server certificate validation failure" on the FortiClient GUI, or configure it via the CLI.
Set "invalid_peer_cert_action=0" in config to
Config file is located in:
Go to the FortiClient directory and then to the FortiClient version that corresponds to the OS.
For 64-bit systems it will
Edit the file called config and set the cert warning value to 0 as shown
<---- This will prevent the certificate
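The two approaches above, as an added shell example that is not Fortinet's own code: one function populates the .fctsslvpn_trustca directory with PEM CA certificates only, the other reports whether a given config file has the server certificate check switched off. The function names and the key=value line format are assumptions, and the config path is passed as an argument because the article does not show it.

```shell
#!/bin/sh
# Added example, not Fortinet code. Function names are hypothetical.

# install_ca_pems SRC_DIR [TRUST_DIR]
# Copy PEM CA certificates into the FortiClient trust directory named in the
# article. Files holding a private key, or not PEM at all (e.g. DER), are
# skipped. Prints the number of files installed.
install_ca_pems() {
    src=$1
    dst=${2:-"$HOME/.fctsslvpn_trustca"}
    mkdir -p "$dst" || return 2
    installed=0
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "skip, contains a private key: $f" >&2
            continue
        fi
        if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
            echo "skip, not PEM (convert DER files first): $f" >&2
            continue
        fi
        cp "$f" "$dst/" && chmod 644 "$dst/$(basename "$f")" &&
            installed=$((installed + 1))
    done
    echo "$installed"
}

# peer_cert_check_disabled CONFIG_FILE
# Exit status 0 if the file sets invalid_peer_cert_action=0, i.e. the client
# has the server certificate trust check disabled; non-zero otherwise.
# Assumption: one key=value pair per line, optional surrounding whitespace.
peer_cert_check_disabled() {
    grep -Eq '^[[:space:]]*invalid_peer_cert_action[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$1"
}
```

Run install_ca_pems as the user that starts FortiClient so the default directory resolves to that user's home; peer_cert_check_disabled is suited to a fleet audit that flags clients left with validation turned off.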
Last Modified Date: 04-28-2017 Document ID: FD40440