Question about certificate inspection

Forum|Forum|3 years ago
July 13, 2022
1 reply
1582 views

Sorry guys I started with firewalls recently and I am doing the nse4 course but I am bit confused about this topic.

1:In deep inspection fortigate do this to validate te certificate : Verifies his revocation list, ca certificate possession,validade the dates and digital signature, is this correct ?

2- in ssl certificate inspection validades the same using the SNI that the clients sends in the TLS handshake ? fortigate will validate as well ""date,signature,etc" but using the SNI , is it correct ?

3-What is the certificate bundle ? for example I know that fortigate utlizes the Mozila Root CA list, the certificate bundle is this? is the root ca list ?

4-This one is more general question, why the same web site can have different certifica path in different web browsers ? for example i open a site that the intermediate ca was different in firefox and chrome, because if I understand the server will send his ca that is signed by a intermediate ca and this ca is signed by a root ca. But this website I had a different path in different web browsers.

Thank you in advance for any help

FortiGate

AlexC-FTNT

Staff

I'd say:

1.yes

2.yes

3. that would be the trusted CA list

4. because the site certificates are sometimes cross-signed and each browser does its independent security check. So it may reach different results depending which CA auth is checking against

pminarik

Staff

I'll just add that:

1, Neither CRL or OCSP-based revocation checks are done by default.

CRLs need to be imported manually first (for any interesting CA), OCSP needs to be enabled in "config vpn certificate setting" (ocsp-status etc.).

2, SNI check can be directly controlled in newer firmware versions with the "Server certificate SNI check" option (GUI):

SNI check GUI snippet

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded