Skip to main content
miguel1423
miguel1423
Explorer
August 14, 2023
Solved

Inspection SSL Untrusted CA

  • August 14, 2023
  • 3 replies
  • 2901 views

Hello,

 

We have the deep inspection activated for the outcoming connexion. Microsoft has changed their certificat for the hostname europe.cp.wd.microsoft.com resently with an another CA and now I get the error "block-cert-untrusted" from the UTM.

 

So I think to resolve this issue I have to import manually the new chain for this CA in the fortigate ? where can I get the CA list that the fortigate already know ? Does the CA list are automatiquely updated from fortiguard ? 

 

Before I was on checkpoin and I had to import manually the CA cert.

 

Thank you for your answer

Regards,

 

 

Regards,

 

 

3 replies

chauhans
Staff
chauhansAnswer
Staff
August 14, 2023

Hello @miguel1423 

Could you please check below doc. link regarding CA list, hope it will help you out.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-View-the-Default-Trusted-CA-Certificates-on/ta-p/196409

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Expiring-Let-s-Encrypt-Certificates/ta-p/198419?externalID=FD53305

Thanks,

Shaleni

    miguel1423
    miguel1423Author
    Explorer
    August 14, 2023

    Hello @chauhans 

    Thank you I forgot to check that on the SSL profile, Thank you for your reply 

    Have a nice day

     

    Regards,

    smayank
    Staff
    smayank
    Staff
    August 17, 2023

    Hello 

     

    Certificate list is updated by fortiguard. As this is a recent changes you might need to upload root CA.

    Please run 

    # diag debug application update -1
    # diag debug enable
    # exec update-now
    Thanks & Regards
    Mayank Sharma

    Terms & ConditionsAccessibility statement