Skip to main content
d4rk_sp1d3r
d4rk_sp1d3r
New Member
January 18, 2018
Question

SSL Inspection not using Self Signed Certificate

  • January 18, 2018
  • 1 reply
  • 13647 views

Hi,

 

Is there a way to use SSL inspection using Internal Certificate Authority certs? It seems that SSL inspection only uses local certificate but the format ussualy is in PCKS#12 or the one with password and private key. I cannot seem to generate a CSR file that allows to generate a password or private key from within Fortigate. Installing certs on PC's is not applicable for our company as we have alot of PC's here. I was able to use our internal CA cert to get a secured fortigate management screen but can't seem to use the SSL inspection.

 

Appreciate your help.

 

Regards,

 

Ron

    1 reply

    romanr
    romanr
    New Member
    January 18, 2018

    Hi,

     

    you need to generate a Certificate with "CA: True" enabled... Only this can do ssl interception.

     

    Normaly you would do this on your corporate PKI and import the cerficate & private key to your firewall.

     

    Br,

    Roman

    emnoc
    emnoc
    New Member
    January 18, 2018

    I wrote a blog a few years back on just this

     

    http://socpuppet.blogspot.com/2016/10/a-quick-and-sure-to-know-if-ssl.html

     

    Terms & ConditionsAccessibility statement