TLS Handshake Failures for Lacerte Due to Fortinet SSL Inspection

Lacerte Slow to Launch or Stalls Due to Security Inspection – Resolved

Issue Summary

Some users experienced delays or freezing when launching Lacerte. In some cases, the application appeared stuck or failed to connect, especially during the initial startup.

This was due to network security software interfering with Lacerte’s secure connection to Intuit’s servers. Specifically, a firewall device (Fortinet) was inspecting secure traffic too aggressively, which disrupted the way Lacerte normally connects to the internet.

How This Issue Showed Up

Customers or agents might have noticed one or more of the following:

• Lacerte taking much longer than usual to start
• The launch screen getting stuck or freezing
• Errors during the startup process
• Internet working normally in browsers, but Lacerte not responding
• No issues when using Lacerte from a different network (e.g., home Wi-Fi, mobile hotspot)

This happened even when everything else on the computer seemed fine—because it was related to how certain secure connections were being handled by the firewall or security settings on the network.

What Caused the Problem

Lacerte uses a secure internet connection to talk to Intuit’s servers. These secure connections rely on something called TLS (a type of encryption). A recent update in firewall software (Fortinet) started interfering with or blocking these encrypted connections, thinking they might be suspicious.

In short:

• Lacerte’s connection was being intercepted by the firewall
• This broke the secure handshake between Lacerte and Intuit servers
• Lacerte didn’t trust the altered connection and stalled

This happened because of a feature called SSL Deep Inspection, which replaces security certificates—something that Lacerte and other apps with strict security checks will not accept.

How We Fixed It

We’ve updated the Fortinet firewall configuration to exclude Lacerte-related internet addresses from this inspection. This allows Lacerte to connect normally again without being blocked or delayed.

Domains that are now excluded from inspection:

• *.intuit.com
• *.a.intuit.com
• *.iks2.a.intuit.com

Once this was done, Lacerte began launching normally again, with no stalls or performance issues.

What You Should Do

If you’re still seeing issues launching Lacerte:

1. Check if you're on a business or office network that uses Fortinet firewall or similar security tools.
2. Ask your IT team or network administrator to confirm whether SSL Deep Inspection is enabled.
3. If so, request that they exclude the following domains from inspection:

• *.intuit.com

• *.a.intuit.com

• *.iks2.a.intuit.com

1. After making this change, restart your computer and try launching Lacerte again.

For IT Administrators (if needed)

• Maintain a “No Inspection” policy for all Intuit-hosted domains used by Lacerte
• Review any Fortinet updates (firmware or FortiGuard profiles) that may re-enable deep inspection
• Do not attempt to import Fortinet’s certificate as a workaround—Lacerte likely uses certificate pinning and will still fail the connection

If problems continue after these steps, please contact Intuit Support with details about your network environment and firewall configuration.