sw2090
SuperUser
August 29, 2018
Question

[Solved] FortiManager and Certificates for SSL Deep Inspection


Hiho,

I'm planning on activating SSL Deep Inspection via our FMG. So I got a SubCA certificate from our internal CA for each of our FGTs the usual way (generate a CSR on the FGT, then sign it with the CA and import the certificate). So far everything went without any problem. Every FGT now has an SSL certificate for HTTPS and a SubCA certificate from our CA on it.

Now I need to map this inside FMG to be able to configure the cert to be used for SSL Deep Inspection, and this is where the problems start:

On my FGTs the SubCA can only be imported as a CA certificate (which is correct though) but gets imported into external CA certificates. And for some reason external certificates installed on the FGT are not available in FMG :\

I can only choose the SSL cert which is installed as a local certificate on the FGT in FMG.

Is there any solution to make external certs available in FMG or have the FGT install the SubCA to local CA instead of remote?


sw2090 (Author)
SuperUser
August 29, 2018

Hm, maybe I found it out myself. One FGT allowed me to install a SubCA as a local certificate, which then should be available in FMG. So the other FGT should do so as well. Will check on this tomorrow...

sw2090 (Author)
SuperUser
August 30, 2018

Yes, obviously that's the solution.

- create a CSR on your FortiGate
- use your CA to create a certificate (Type: SubCA) from that CSR
- import the certificate - not as a CA (even though it is one) but as a local certificate

Then you see it in FMG and can do the mapping. The mapping can then be used in an SSL Inspection profile.
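
The three steps above as an added lab example, not part of the original posts: it uses the `openssl` CLI as a stand-in for the internal CA (an assumption), signs a constructed CSR as a SubCA, and checks the result before it is imported as a local certificate. All file names and subjects are constructed; generating the CSR on the FortiGate and the import itself are not shown.

```shell
#!/bin/sh
# Added example: everything here is constructed lab material (throwaway CA,
# stand-in CSR). On a real setup the CSR comes from the FortiGate and the
# signing happens on your internal CA.

# Build a throwaway root CA plus a CSR standing in for the FortiGate's.
make_lab() {  # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Lab Root CA (constructed)" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=fgt01-subca (constructed)" \
        -keyout "$1/fgt.key" -out "$1/fgt.csr" 2>/dev/null
    # Extensions that make the issued certificate a SubCA.
    printf '%s\n' 'basicConstraints = critical,CA:TRUE,pathlen:0' \
        'keyUsage = critical,keyCertSign,cRLSign' > "$1/subca.ext"
}

# Sign the CSR; with an extension file the result is a SubCA,
# without one it is a plain end-entity certificate.
sign_csr() {  # $1 = work dir, $2 = output cert, $3 = optional extfile
    openssl x509 -req -in "$1/fgt.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 ${3:+-extfile "$3"} -out "$2" 2>/dev/null
}

# Pre-import check. The private key stays with the CSR on the device, so the
# signed certificate must carry the CSR's public key, and deep inspection
# needs a certificate that is allowed to sign (CA:TRUE).
check_for_import() {  # $1 = CSR, $2 = signed cert, $3 = issuing CA cert
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ "$csr_pub" = "$crt_pub" ] || { echo "key does not match CSR"; return 1; }
    openssl x509 -in "$2" -noout -text | grep -q 'CA:TRUE' \
        || { echo "not a CA certificate (CA:TRUE missing)"; return 1; }
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 \
        || { echo "chain does not verify against issuing CA"; return 1; }
    echo "ok: SubCA certificate matches CSR and chains to the CA"
}

# Demo run on the constructed material.
work=$(mktemp -d)
make_lab "$work"
sign_csr "$work" "$work/subca.crt" "$work/subca.ext"
check_for_import "$work/fgt.csr" "$work/subca.crt" "$work/ca.crt"
rm -rf "$work"
```
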