Ubuntu – NetworkManager-fortivpn – adding ‘trusted-cert’ to config file

certificate, networkmanager, Ubuntu, vpn

Good day.

I'm trying to use the package that Ubuntu supplies for Fortivpn. So far as I can tell, it's a plugin for NetworkManager which wraps openfortivpn.

The issue I'm having is that I can't seem to find any documentation around adding the 'trusted-cert' flag to the config (which I have determined is located at /etc/NetworkManager/system-connections/MyVpnName).

If someone could point me to where I should add this flag that would be great. I've tried adding it under the [vpn] section, but that has had no effect.

For context: Without this flag, I get an error: Gateway certificate validation failed, and the certificate digest is not in the local whitelist. If you trust it, rerun with: --trusted-cert ... or add this line to your config file: 'trusted-cert = ....'

I've tested straight command line openfortivpn and it works just fine. This seems to be purely my inability to figure out how to get NetworkManager to pass the flag to openfortivpn.

Thanks everyone 🙂

Best Answer

  • In Network Manager (I'm on Ubuntu 18), when configuring an openfortivpn connection, the Trusted Certificate (digest) field is reached by the Advanced button in the "VPN (fortisslvpn)" thumbnail.
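
Before pasting a digest into that field, it is worth confirming that it belongs to the real gateway. The following is an added example, not part of the original post or of openfortivpn: it computes the value openfortivpn expects for trusted-cert (the SHA-256 sum of the certificate in DER form) from a PEM file obtained from the VPN administrator, and compares it with the digest printed in the error message. The function names and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl
import sys

# Constructed placeholder bytes standing in for a DER certificate (not a real X.509 cert).
SAMPLE_DER = b"constructed placeholder bytes, not a real gateway certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def trusted_cert_digest(pem: str) -> str:
    """Return the SHA-256 of the DER-encoded certificate as 64 lowercase hex chars."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()


def normalize(digest: str) -> str:
    """Accept 'AA:BB:..' or plain hex fingerprints and return plain lowercase hex."""
    cleaned = digest.strip().replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 hex digest: %r" % digest)
    return cleaned


def digest_matches(pem: str, reported: str) -> bool:
    """True only if the digest reported by openfortivpn matches the trusted PEM."""
    return hmac.compare_digest(trusted_cert_digest(pem), normalize(reported))


if __name__ == "__main__":
    # Usage: script.py gateway.pem <digest from the openfortivpn error message>
    if len(sys.argv) != 3:
        sys.exit("usage: %s CERT.pem DIGEST" % sys.argv[0])
    with open(sys.argv[1], encoding="ascii") as fh:
        pem_text = fh.read()
    if digest_matches(pem_text, sys.argv[2]):
        print("match, safe to pin: trusted-cert = " + trusted_cert_digest(pem_text))
    else:
        sys.exit("MISMATCH: the gateway presented a different certificate; do not pin it")
```

The PEM file should come from a channel other than the VPN connection itself, otherwise the comparison only confirms what the network path already showed.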