dairu
New Member
November 22, 2022
Question

How to Resolve Limit of SSL Cert from Protecting SSL Server


Hi All,

Is there a way to increase the limit of certificates on the SSL Inspection > Protecting SSL Server?

Apparently, the limit of certificates that can be used is 10, as noted in the article linked below, and there seems to be no resolution for it:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Maximum-number-of-entries-has-been-reached/ta-p/219723

The reason for this is that we have multiple domain names that need HTTPS SSL inspection under one web server.

2 replies

gfleming
Staff
November 22, 2022

There is no way to increase max value. You may want to look at using a FortiWeb.

abelio
SuperUser
November 23, 2022

Agree with gfleming's post.

A possible workaround could be to re-issue some of those certificates as one multidomain SSL certificate; many commercial SSL certs provide a multidomain SSL certificate, three as standard service, and more if you pay them for it.
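
As an added illustration of the multidomain workaround suggested above (not part of the original thread and not Fortinet tooling), this sketch builds one CSR whose subjectAltName lists several hostnames and then checks which required hostnames it does not cover. It assumes OpenSSL 1.1.1 or later for `-addext`; the function names, file names and hostnames are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: one multi-domain (SAN) CSR instead of one certificate per
# hostname, so fewer certificate entries are needed on the inspection profile.
# All hostnames used with these functions are constructed placeholders.

# make_san_csr OUTDIR HOST [HOST...]
# Writes OUTDIR/san.key and OUTDIR/san.csr; the first HOST becomes the CN and
# every HOST is listed as a DNS entry in subjectAltName.
make_san_csr() {
    outdir=$1; shift
    [ "$#" -ge 1 ] || { echo "need at least one hostname" >&2; return 2; }
    cn=$1
    san=""
    for h in "$@"; do
        san="${san:+$san,}DNS:$h"
    done
    # Subshell keeps the restrictive umask local; the key is unencrypted,
    # so it must be readable by its owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$outdir/san.key" -out "$outdir/san.csr" \
          -subj "/CN=$cn" -addext "subjectAltName=$san" 2>/dev/null )
}

# csr_sans CSR
# Prints the DNS names found in the CSR's subjectAltName, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# missing_hosts CSR HOST [HOST...]
# Prints every HOST that is not an exact DNS entry in the CSR, so a site
# left out of the request is caught before the CSR goes to the CA.
missing_hosts() {
    csr=$1; shift
    have=$(csr_sans "$csr")
    for h in "$@"; do
        printf '%s\n' "$have" | grep -qxF "$h" || printf '%s\n' "$h"
    done
}
```

Running `missing_hosts` with the full list of sites served behind the firewall shows any hostname that would still need its own certificate entry.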

 

 

dairu
Author
New Member
November 24, 2022

Thank you for your input, gfleming and abelio.

Would it be expensive? Will have to look into the multi-domain SSL.

I was thinking if we have a workaround where we will set a different firewall policy based on the FQDN. It would be like:
- Create a VIP via FQDN (instead of an IP-based VIP)
- Create a firewall policy for every FQDN VIP (this way, we could separate the SSL cert per profile)

Currently testing this idea but so far not yet successful. Appreciate your thoughts about it.

 

gfleming
Staff
November 24, 2022

Don't believe the FQDN VIP will work in this case as you only have one public IP address to map it to, correct?