Skip to main content
osaleem2_10
osaleem2_10
Explorer III
September 10, 2025
Question

Outbound SSL Full inspection

  • September 10, 2025
  • 1 reply
  • 331 views

Hi,

 

I was using FortiGate version 7.2 with SSL Full inspection mode, and all was good. Now I have moved to 7.6.4, the latest version, but I think the configuration goes differently.

 

I have generated a CSR from (Certificate). And sign it through my local CA. Then import it as base-64. Then import it to my FortiGate. Now the certificate appears under my Local CA.

 

When I go to settings, I'm able to use this certificate. But at the SSL/SSH Profile, I'm not able to use this certificate for my SSL Profile.

 

Kindly let me know the right way to do SSL full inspection with a certificate that is signed by my local CA for version 7.6.4

 

1 reply

ebilcari
Staff
ebilcari
Staff
September 10, 2025

The certificate used for deep inspection should have the "CA:TRUE" and able to sign other certificates:

signi.PNG

 

Make sure you have requested an intermediate CA from your local CA.

Emirjon
    osaleem2_10
    osaleem2_10Author
    Explorer III
    September 11, 2025

    Thanks for your reply. Yes, it's the same as the mentioned pic. I'm able to use the signed cert in my setting for HTTPS browser. But still I'm not able to use it in the SSL security profile. I thought in the new version, there is a different way or I have to create from the security policy itself.

    Terms & ConditionsAccessibility statement