ramescool
New Member
March 21, 2016
Question

Fortinet_CA_SSLProxy and Configuration Restore


Hi, please confirm my queries below:

1. Will the Fortinet_CA_SSLProxy certificate value (hash or thumbprint) change if we restore a configuration that was taken from another box?
2. Will a firmware upgrade change the hash or thumbprint of the existing Fortinet_CA_SSLProxy?
3. Is it possible to import the Fortinet_CA_SSL_Proxy certificate from Box A to Box B and make the imported certificate the default certificate for certificate inspection?

A quick response would be very helpful.

Thanks, Ramesh

    1 reply

    Wayne11
    Explorer
    March 31, 2016

    Very interesting question, and I would like to know too, because we need to replace the Fortinet_CA_SSLProxy certificate on one of our 200Ds, which has a SHA1 hash. We can't use this certificate anymore without already getting warnings from Chrome, and in 2017 all browsers will deny it.

    So does Fortinet have any plans to upgrade the local CA certificates, or can we import a new one?

    Jeff_FTNT
    Staff
    March 31, 2016

    Yes, you can move the Fortinet_CA_SSLProxy certificate with a configuration restore.

    The Fortinet_CA_SSLProxy certificate is a CA certificate (including the private key) saved under the Local certificate site. When you back up the settings, the private key and certificate are included in the config, so you can move it with the config; upgrading the firmware will not change it. You can copy/paste the "Fortinet_CA_SSLProxy" part of the config file to move it.

    If you download "Fortinet_CA_SSLProxy" from the GUI, it only includes the certificate without the private key, so it would not work if imported to another FGT. Thanks.
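
One way to check the points in the reply above on your own exports, as an added example (not code from the thread or from Fortinet): it computes the SHA-1/SHA-256 thumbprint of a PEM certificate found in a config excerpt or download, compares two boxes, and reports whether a private key block travels with it. It assumes the certificate is stored PEM-encoded; the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import re
import textwrap

# Matches any PEM block, including one embedded in a quoted config value.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return a list of (label, raw_body) for every PEM block in text."""
    return PEM_RE.findall(text)

def thumbprints(text):
    """Thumbprints are hashes of the DER bytes of the first CERTIFICATE block."""
    for label, body in pem_blocks(text):
        if label == "CERTIFICATE":
            der = base64.b64decode("".join(body.split()))
            return {a: hashlib.new(a, der).hexdigest() for a in ("sha1", "sha256")}
    raise ValueError("no CERTIFICATE block found")

def has_private_key(text):
    """True if the export carries a key block (plain or encrypted)."""
    return any(label.endswith("PRIVATE KEY") for label, _ in pem_blocks(text))

def same_ca(export_a, export_b):
    """Same certificate on both boxes means identical thumbprints."""
    return thumbprints(export_a)["sha256"] == thumbprints(export_b)["sha256"]

def to_pem(label, der, width=64):
    """Helper for the constructed samples below."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n" + "\n".join(textwrap.wrap(b64, width)) + f"\n-----END {label}-----\n"

# Constructed sample data: placeholder bytes standing in for DER content.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate" * 4
SAMPLE_KEY = b"constructed-placeholder-not-a-real-key" * 4

BOX_A_BACKUP = to_pem("CERTIFICATE", SAMPLE_DER) + to_pem("ENCRYPTED PRIVATE KEY", SAMPLE_KEY)
# Same certificate after a restore, re-wrapped at a different line width.
BOX_B_RESTORED = to_pem("CERTIFICATE", SAMPLE_DER, width=32) + to_pem("ENCRYPTED PRIVATE KEY", SAMPLE_KEY)
# A certificate-only download: no key block present.
GUI_DOWNLOAD = to_pem("CERTIFICATE", SAMPLE_DER)

if __name__ == "__main__":
    print("thumbprint match A/B:", same_ca(BOX_A_BACKUP, BOX_B_RESTORED))
    print("backup has key:", has_private_key(BOX_A_BACKUP))
    print("GUI download has key:", has_private_key(GUI_DOWNLOAD))
```

Because the thumbprint is taken over the decoded certificate bytes, line wrapping or quoting differences between two exports do not affect the comparison.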