Skip to main content
NapaCab
NapaCab
New Member
June 20, 2019
Question

Online Certificate Revocation Checking for SSL MITM Inspection?

  • June 20, 2019
  • 1 reply
  • 3939 views

I see that FortiOS has an option to check for certs w/an ocsp-server (responder) for the VPN certificate, but I cannot for the life of me find anything in the FortiOS 6.x guide to configure it (if it's supported) for SSL MITM decryption.

 

Does FortiOS support this?

 

TIA!

 

 

    1 reply

    hubertzw
    hubertzw
    New Member
    June 21, 2019

    Hi

    yes, search ssl full inspection

     

    https://docs.fortinet.com/document/fortigate/6.0.5/handbook/646647/why-use-ssl-inspection

     

    NapaCab
    NapaCabAuthor
    New Member
    July 4, 2019

    I was looking for an option when using SSL inspection to configure an OSCP responder to check for expired/revoked certs?

    hubertzw
    hubertzw
    New Member
    July 6, 2019
    You don't need deep SSL inspection to do it. Check this doc: https://docs2.fortinet.co...icate-revocation-lists
    Terms & ConditionsAccessibility statement