FortiClient 6.0.4 problem with client certificates (IPsec especially)

Author
dcit.it
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/12/13 07:27:28
  • Status: offline
2018/12/13 09:56:14 (permalink)

FortiClient 6.0.4 problem with client certificates (IPsec especially)

We have our enterprise Certification Authority. Offline Root CA then subordinate online CA running on Windows (ADCS - Active Directory Certificate Services) in our domain.
Our users are getting certificates from a slightly modified "User" template (has Application Policies: Client Authentication) by auto enrollment, and have the option of manual enrollment (again a slightly modified "User" template) with longer expiration.

On our FortiGate we have installed that Root CA plus the subordinate CAs (we have two now - an older SHA-1 one, then a newer one issuing SHA-256 certificates). Then IPsec and SSL dialup VPNs - both require a client certificate from our CA and user/password.

FortiClient 5.4.5 works fine, both IPsec VPN and SSL VPN.
FortiClient 5.6.6 has some trouble, such as forgetting the password and the chosen certificate, or needing to switch to IPsec VPN from SSL VPN and back to be able to select a certificate, but it somehow is able to work.

FortiClient 6.0.4 has problems especially with IPsec VPN.
- details:
IPsec VPN
- first connect OK
- on second connect I am able to choose options such as password save (as FortiClient now knows that it is allowed), I am checking Save Password and Always Up
- then on next connects I am not able to select any client certificate (none is offered in connect dialog; in configuration there is, I can select and save, but then in connection none is chosen)
 
SSL VPN
- it somehow works
- but after each connect I need to choose the certificate again, or to even be able to choose a certificate I need to switch to IPsec and then back to SSL VPN (or go to config, click save, and then it works again for one connection)
#1


    dcit.it
    Re: FortiClient 6.0.4 problem with client certificates (IPsec especially) 2018/12/18 05:36:22 (permalink)
    I would like to add that checking Save Password and Always Up seems to be the trigger (probably "Save Password" is the culprit). Without checking it, and typing the username and password every time, I am able to select a client certificate and connect to our FG using IPsec VPN.
    #2
    dcit.it
    Re: FortiClient 6.0.4 problem with client certificates (IPsec especially) 2019/01/16 12:15:34 (permalink)
    I would like to add that the problem finally seems to be the use of non-ASCII characters in the subject of certificates. The status of the relevant support issue is now "Pend Bug Fix".
    #3
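
A way to find which client certificates carry the non-ASCII subject characters reported in post #3, as an added example that is not part of the original thread. It assumes the certificates offered to FortiClient live in `Cert:\CurrentUser\My` and are identified by the Client Authentication EKU; the function name is hypothetical.

```powershell
# Added example: report client-authentication certificates in the current
# user's store and flag those whose subject contains non-ASCII characters.
# Assumption: the VPN client certificates are in Cert:\CurrentUser\My.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Get-NonAsciiClientCert {
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    Get-ChildItem -Path $StorePath |
        Where-Object {
            # Keep unexpired certificates usable for client authentication.
            ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid) -and
            ($_.NotAfter -gt (Get-Date))
        } |
        ForEach-Object {
            # Collect each character outside 7-bit ASCII with its code point.
            $bad = [regex]::Matches($_.Subject, '[^\x00-\x7F]') |
                ForEach-Object { '{0} (U+{1:X4})' -f $_.Value, [int][char]$_.Value } |
                Select-Object -Unique
            [pscustomobject]@{
                Affected   = [bool]$bad
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotAfter   = $_.NotAfter
                NonAscii   = ($bad -join ', ')
            }
        }
}

# Affected certificates are listed first.
Get-NonAsciiClientCert |
    Sort-Object Affected -Descending |
    Format-Table -AutoSize -Wrap
```

Run it in the affected user's session, since auto-enrolled certificates from the "User" template land in that user's personal store.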
    dcit.it
    Re: FortiClient 6.0.4 problem with client certificates (IPsec especially) 2019/05/09 12:37:47 (permalink)
    Fixed in 6.2.0.
    #4