Skip to main content
Holy
Holy
New Member
September 22, 2017
Question

SSL Certificate Inspection Only Certificate Warning

  • September 22, 2017
  • 4 replies
  • 27123 views

Hello Guys,

 

this is realy annoying. with 5.2 we never had Problems using SSL Inspection Profile "Certificate-Inspection" to be able to block HTTPS Websites and it was working with no Problem.

 

now with 5.4.6 for every HTTPS Site that is on a blocked category we first get a Certificate Warning Message from FortiGate via HTTPS and therefore first there is a "Certificate Warning" Message.

 

if you proceed and accepts then you see the Replacement Message from FortiGAte "This Category is blocked"

 

What has been changed in 5.4 ?

 

i know we can disable the HTTPS Replacement Message on the Web Filter Profile but then the Connection just get refused and users wont see the reason why the site has been blocked.

 

Installing FortiGate CA on all Workstations is also not a solution for us.

 

The Thing is, on 5.2 it worked without Problems.

 

Do you have any Suggestion how to block https Sites not getting this warning Messages?

 

Thank you

4 replies

n00b
n00b
New Member
October 13, 2017

This is indeed a problem with us also.

However, we only get a certificate warning and unable to proceed.

So, end-users don't know why a page is blocked and thinks that there is probably no internet prompting them to call the desktop support.

 

 

amargys
amargys
New Member
June 21, 2018

Hi guys,

 

Have you found the solution for this?

 

Thanks,

ronildo1
ronildo1
New Member
June 21, 2018

amargys wrote:

Hi guys,

 

Have you found the solution for this?

 

Thanks,

Hello, this is exactly a problem that i have, we have one client that have a guest wifi and want to block Web Sites like pornography and bandwidth consume and other, but the guest don't have the certificate installed on their Smartphones, tablets and notebooks, what to do in this case?  The guest does'nt have the certificate because are guests lol. 

 

Thank you. if anyone find the solution.

jmaurelli
jmaurelli
New Member
June 29, 2018

Interested to see the reply from someone in the know. My situation is similar.

 

FortiOS 5.6.4 200D and I'm unable to web filter a site because of HTTPS. I'm still working through the steps to accomplish this. I'm expecting the same results you have. 

jmaurelli
jmaurelli
New Member
June 29, 2018

I have configured our web filter and am getting the same results. A certificate warning, the user has to click through, then they see the Block page.

ronildo1
ronildo1
New Member
July 5, 2018

Do you set the deep-inspection our certificate inspection? And be sure that the certificate is installed on the machine? 

 

This is a strange behavior, because the basic is certificate installed on the machine and the ssl-inspection enabled. 

Terms & ConditionsAccessibility statement