nkorea, Staff
Article Id 269845
Description This article describes what to do when the EMS certificate is no longer trusted by the FortiGate after it has been renewed on FortiClient EMS Cloud.
Scope EMS Cloud, FortiGate, FortiClient EMS.
Solution

When the server certificate of the FortiClient EMS Cloud instance approaches expiration and is renewed, the administrator will see the following warning message on the FortiGate.

[Screenshot: EMS certificate warning message]

As the warning message states, the FortiGate must be re-authorized. However, re-authorization may fail with the error below because the FortiGate still holds a cached entry for the previous EMS certificate.

[Screenshot: re-authorization error]

Troubleshooting step: check the EMS context status and, in particular, the 'verified capabilities' field:

(global) di test application fcnacd 2
EMS context status:
FortiClient EMS number 1:
name(id): Fortinet-Test(1) confirmed: yes
fetched-serial-number: FCTEMS0000xxxxx
user-data:
verified capabilities: false     <- Failed the capabilities.
verified identity: false
interface-selection-method: 0
verify-peer-method: 4
Websocket status: disconnected, oif: 0

If the re-authorization is done from the CLI, the following error may occur:

execute fctems verify 1
Error in requesting EMS fabric connection: -4
issue in getting capabilities. Server certificate does not match previously configured EMS certificate.
Error (-1@_get_capabilities:464).


To resolve this issue, unverify the EMS entry so that the cached certificate is discarded:

execute fctems unverify <EMS ID>


Then verify it again:

execute fctems verify <EMS ID>
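On a FortiGate with several EMS entries it is easier to let a script read the diagnose output than to scan it by eye. The following added example (not from the article) parses the `diagnose test application fcnacd 2` output shown above, flags every EMS whose 'verified capabilities' or 'verified identity' is false, and lists the unverify/verify command pair for each; the EMS ID is taken from the name(id) field and the sample transcript is constructed.

```python
"""Parse FortiGate 'diagnose test application fcnacd 2' output and flag EMS entries
whose certificate verification failed. Added example, not from the KB article;
SAMPLE_OUTPUT is a constructed transcript modelled on the article's output."""
import re

# Constructed sample: EMS 1 mirrors the article's failing entry, EMS 2 is healthy.
SAMPLE_OUTPUT = """\
EMS context status:
FortiClient EMS number 1:
name(id): Fortinet-Test(1) confirmed: yes
verified capabilities: false     <- Failed the capabilities.
verified identity: false
Websocket status: disconnected, oif: 0
FortiClient EMS number 2:
name(id): Branch-EMS(2) confirmed: yes
verified capabilities: true
verified identity: true
Websocket status: connected, oif: 5
"""

ENTRY_RE = re.compile(r"^FortiClient EMS number (\d+):", re.M)
NAME_RE = re.compile(r"^name\(id\):\s*(\S+)\((\d+)\)", re.M)

def _flag(block, key):
    """True only if 'key: true' appears in the block; a missing field counts as False."""
    m = re.search(rf"^{re.escape(key)}:\s*(true|false)", block, re.M)
    return m is not None and m.group(1) == "true"

def parse_ems_status(text):
    """Split the output into per-EMS blocks and extract the id and verification flags."""
    starts = [m.start() for m in ENTRY_RE.finditer(text)] + [len(text)]
    entries = []
    for begin, end in zip(starts, starts[1:]):
        block = text[begin:end]
        name = NAME_RE.search(block)
        if not name:  # malformed block without a name(id) line
            continue
        entries.append({
            "name": name.group(1), "id": int(name.group(2)),
            "verified_capabilities": _flag(block, "verified capabilities"),
            "verified_identity": _flag(block, "verified identity"),
            "websocket_connected": "Websocket status: connected" in block,
        })
    return entries

def remediation_commands(entries):
    """The article's unverify/verify pair for every EMS whose verification failed."""
    return [f"execute fctems {verb} {e['id']}" for e in entries
            if not (e["verified_capabilities"] and e["verified_identity"])
            for verb in ("unverify", "verify")]
```

Paste the real diagnose output in place of SAMPLE_OUTPUT; only entries that still show false after running the returned commands need further investigation.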


Note: This article also applies to the FortiClient EMS server.