This article describes steps to install a root certificate on Linux, which solves cases where the persistent agent may fail to communicate with FortiNAC when the root issuer is untrusted.
Scope
FortiNAC 8.X 9.X, 7.X.
Solution
Install the root certificate to the trust store.
Step 1: Obtain the root certificate.
Download the certificate from visiting the portal page or request that someone that already has it provide a copy. It will be put on the Linux host. In this example, the Desktop and root.cer are used.
Step 2: Convert to PEM format if not done already.
sudo openssl x509 -inform der -outform pem -in root.cer -out supportlab.crt
Example DER certificate which will not work:
Example of a suitable PEM certificate after conversion:
Step 3: Copy the certificate to the Trusted Certificates Store.
sudo cp supportlab.crt /usr/local/share/ca-certificates/
Step 4: Update the Certificate Store.
sudo update-ca-certificates
Step 5: Restart the persistent agent.
sudo service bndaemon restart
See the Ubuntu documentation for more information about installing a root CA certificate in the trust store.