germafab
New Member
August 17, 2017
Solved

SSL inspection & CA trust: how to distrust a preinstalled CA


Hi all,

Currently all CAs in the TrustedCA list are trusted when doing SSL handshake inspection. Now I would like to remove the trust for certain CAs like "WoSign" and/or others systemwide / for SSL inspection.

I'm running FOS 5.6.1 and can't seem to find any option to do this. How can this be done?

Cheers,

germafab

    Best answer by hmtay_FTNT (Staff), August 17, 2017

    Hello germafab,

    This can only be done through the CLI. Here's how you do it:

        config vpn certificate ca
            edit <name>       (e.g. edit WoSign)
                set trusted disable
            next
        end

    If you then check the Trusted CAs List, the certificates will not be there anymore. Hope this helps!

    Homing
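
One way to confirm the change in a saved configuration, as an added example that is not part of the original answer or Fortinet's own tooling: a small parser that reads the `config vpn certificate ca` section of a backup and reports whether each CA on a distrust list shows `set trusted disable`. It assumes the backup lists the edited entry with that line and that an entry with no explicit setting is trusted; the sample backup and the names `Example_Root_CA` and `Other_CA` are constructed.

```python
import re

# Constructed sample backup excerpt; CA names other than WoSign are made up.
SAMPLE_BACKUP = """\
config vpn certificate ca
    edit "WoSign"
        set trusted disable
    next
    edit "Example_Root_CA"
    next
end
config vpn certificate local
    edit "WoSign"
    next
end
"""

def ca_trust_settings(backup_text):
    """Map each entry under `config vpn certificate ca` to its `trusted` value (None if unset)."""
    settings, depth, in_ca, current = {}, 0, False, None
    for line in (raw.strip() for raw in backup_text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # only a top-level section header selects the CA table
                in_ca = line == "config vpn certificate ca"
        elif line == "end":
            depth -= 1
            if depth == 0:
                in_ca = False
        elif in_ca and depth == 1:
            edit = re.fullmatch(r'edit\s+"?([^"]+)"?', line)
            trusted = re.fullmatch(r"set\s+trusted\s+(enable|disable)", line)
            if edit:
                current = edit.group(1)
                settings[current] = None
            elif trusted and current:
                settings[current] = trusted.group(1)
            elif line == "next":
                current = None
    return settings

def audit_distrust(backup_text, must_distrust):
    """Report per CA name; an entry with no explicit setting counts as trusted (assumption)."""
    settings = ca_trust_settings(backup_text)
    return {name: "not found" if name not in settings
            else "distrusted" if settings[name] == "disable" else "still trusted"
            for name in must_distrust}
```

A "not found" result means the backup cannot confirm the state of that CA, so check it on the device itself.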
