Problem
When you configure Secure LDAP and use a FortiGate firewall as the LDAP client, the certificate is not accepted and the following message is shown:
This CE Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store.
Environment
- Admin console
- Secure LDAP
Solution
After you download the generated certificate while configuring the LDAP client in the Admin console (as instructed in this manual), go to the Google Trust Services page and download the CA certificate by following these steps:
- Go to the Google Trust Services page.
- Click Repository at the top.
- Select Root CAs.
- Click Actions next to GTS Root R2 and select Certificate (PEM).
In case of any issues connecting to the LDAP server, you may perform Secure LDAP connectivity testing.
Cause
FortiGate only accepts CA certificates for LDAP connections, and the one downloaded in the Admin console when configuring an LDAP client is not a CA certificate.
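To confirm which kind of certificate a PEM file holds before importing it, the added example below (not part of the original article, and not Google or Fortinet tooling) checks the basicConstraints extension and whether subject and issuer match. It assumes the openssl CLI is installed; the function names and file names are hypothetical, and the sample certificates are constructed at run time.

```shell
#!/bin/sh
# Added example: classify a PEM certificate before importing it as a CA
# certificate. Function names are hypothetical; requires the openssl CLI.

# Prints root-ca, intermediate-ca, not-ca or unreadable for the given PEM file.
classify_cert() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || { echo unreadable; return 0; }
    # A CA certificate carries basicConstraints with CA:TRUE.
    if ! printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'; then
        echo not-ca
        return 0
    fi
    # A root CA is self-issued: subject and issuer are the same name.
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then echo root-ca; else echo intermediate-ca; fi
}

# Constructed sample data: writes ca.pem (CA:TRUE) and leaf.pem (CA:FALSE),
# both throwaway self-signed certificates, into directory $1.
make_constructed_samples() {
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed-sample
[ext_ca]
basicConstraints = critical,CA:TRUE
[ext_leaf]
basicConstraints = CA:FALSE
EOF
    for kind in ca leaf; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
            -extensions "ext_$kind" -keyout "$1/$kind.key" -out "$1/$kind.pem" 2>/dev/null
    done
}

# Usage (hypothetical file names): sh classify.sh downloaded.pem root.pem
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(classify_cert "$f")"
done
```

A file reported as `not-ca` is the kind of certificate the Cause section describes; a file reported as `root-ca` is a CA certificate.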