Lately, I've been seeing various cert issues while browsing various sites. Even Outlook seems to be having problems with the FortiGate. You can see from the image below that outlook is having problems accepting the cert from the Fortigate. Is the configuration wrong? Is there a step missed in the process? Is there a cookbook on SSL inspection?
[image][/image]
Hi Andrew at TheLinkSource.com,
Yes, it sounds like you have a configuration issue (by the way it looks like your image was posted incorrectly and has been removed).
It sounds like you have full SSL inspection enabled- in that scenario the Fortigate performs a "man in the middle" inspection and the SSL flow is broken in two. Client to Fortigate, Fortigate to Server. The Fortigate reencrypts the SSL session towards the client with it's own CA cert. End clients then see the Fortigate certificate.
So all your systems need to trust the Fortigate CA cert otherwise you will see plenty of certificate warnings. Even if your systems do trust the cert- some serivces will break (particularly anything which uses certificate pinning such as google or youtube).
Perhaps you should also have a read of the ssh inspection system of the admin documentation here:-
http://docs.fortinet.com/...997/ssl-ssh-inspection
The Fortigate documentation is pretty good and should help steer you in the right direction.
Kind Regards,
Andy.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
