Security Certificate Questions

Posted by SecurityPlus (Explorer III) on October 31, 2017. Solved. 1 reply, 13387 views.

Sorry for so many questions below. I am kind of a newbie concerning security certificates.

1. Are purchased (CA) security certificates a good idea when doing deep packet (SSL) inspection on a FortiGate?
2. What benefit does a purchased (CA) security certificate offer over the built-in certificate?
3. What are the benefits of a commercial certificate (CA) over a self-signed certificate?
4. Are all purchased (CA) certificates the same and are they all compatible with the FortiGate?
5. If a business has a website that is externally hosted and a FortiGate and they would like a security certificate to apply to both the website and the local network (FortiGate), would this involve a different certificate?
6. Any recommendations on where to get commercial (CA) certificates?

Thanks in advance for any help folks can provide.

Best answer by emnoc (New Member), October 31, 2017

    Are purchased (CA) security certificates a good idea when doing deep packet (SSL) inspection on a FortiGate?

Typically you use your internal CA and publish that certificate via a Windows GPO or manual input (non-Windows devices). Read below for why it's good.

    What benefit does a purchased (CA) security certificate offer over the built-in certificate?

Provides trust from a trusted CA chain, a big plus.
Provides life-time.
Low-maint (no need to distribute or import, for the most part).

    What are the benefits of a commercial certificate (CA) over a self-signed certificate?

Provides trust from a well-known CA chain; see above about management and import. You only need to import into the FortiGate SSL proxy for inspection; a browser will typically honor the public-CA-issued cert if it's from a well-known CA.

    Are all purchased (CA) certificates the same and are they all compatible with the FortiGate?

Yes, they're compatible, just like a self-signed one. Even a CA-issued one is technically "self-signed" ;) Just make sure to get a cert from a well-known CA.

    If a business has a website that is externally hosted and a FortiGate and they would like a security certificate to apply to both the website and the local network (FortiGate), would this involve a different certificate?

A cert on a website, for example, is a ServerCert; the cert for the SSL proxy is a CA:TRUE certificate. Both follow X.509, but the purpose is NOT mutually the same. So yes, you need webserver certificate(s) and an SSL-proxy certificate.

    Any recommendations on where to get commercial (CA) certificates?

Shop around: GeoTrust, Entrust, GoDaddy, etc. Cost could be a few hundred or so dollars, but they are affordable.
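As an added illustration (not code from this thread or from Fortinet), the two points above in Go's standard library: a server certificate and the CA:TRUE certificate an SSL-inspection proxy signs with are both X.509 but serve different purposes, and a client only accepts certificates chaining to that internal CA once the CA cert is in its trust store (what the GPO push achieves). The names "Example Internal CA" and www.example.com and all certificate contents are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panics on error to keep the illustration short
	if err != nil {
		panic(err)
	}
	return v
}

// BuildPair constructs (example data, not real certificates) an internal CA cert
// (CA:TRUE, keyCertSign) and a web-server cert it issued (CA:FALSE, serverAuth).
func BuildPair() (ca, srv *x509.Certificate) {
	now := time.Now()
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Internal CA"}, NotBefore: now,
		NotAfter: now.AddDate(10, 0, 0), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	srvKey := must(rsa.GenerateKey(rand.Reader, 2048))
	srvTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "www.example.com"}, DNSNames: []string{"www.example.com"},
		NotBefore: now, NotAfter: now.AddDate(1, 0, 0), BasicConstraintsValid: true, // IsCA stays false: CA:FALSE
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	srv = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, srvTmpl, ca, &srvKey.PublicKey, caKey))))
	return ca, srv
}

// CanSignForInspection: usable as an SSL-inspection proxy's signing CA only with CA:TRUE and keyCertSign.
func CanSignForInspection(cert *x509.Certificate) bool {
	return cert.BasicConstraintsValid && cert.IsCA && cert.KeyUsage&x509.KeyUsageCertSign != 0
}

// TrustedBy reports whether a client whose trust store holds only root would accept srv for host.
func TrustedBy(srv *x509.Certificate, host string, root *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := srv.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil
}
```

The server certificate fails CanSignForInspection, and it only verifies against a store that contains its issuing CA and only for the hostname in its SAN.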


SecurityPlus (Explorer III), October 31, 2017

emnoc,

Thanks for the very helpful information! I sure appreciate the guidance you have provided.

If we wanted to protect both the hosted website and the LAN via the FortiGate, would we need to purchase two entirely separate certificate products?

Any idea how websites like www.bulkregister.com, www.thesslstore.com, www.SRSPlus.com and www.namecheap.com do at supplying SSL certificates?

emnoc (New Member), November 1, 2017

Yes, you will need a server certificate for the website(s). As far as the 4 distributors, I've only used thesslstore for domain-validated certs and they are priced fair, and NameCheap for domain registrations; I've never purchased a certificate from them.