SSL Inspection question about the Option "Allow Invalid SSL Certificates"

Question

Hello all,

i'am using here FortiOS 6.2.4 with deepinspection in Flow and Proxy based mode. A few weeks ago the great event was where there were problems with wrong or broken SSL certificates. Since then I have had problems with websites again and again.

For example "logoix.com". If i call the site i get an proxy error in flowbased mode. In proxybased mode i get an error with an invalid ssl certificate. And there are a lot of site more. Normal sides, trusted sites.

So if i check the box "Allow Invalid SSL Certificates" all websites work as usual. So what does it really mean? Becaues if i have a look at the certificate in the webbrowser, it look like ok.

I've also read this:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/24449/ssl-ssh-inspection

https://kb.fortinet.com/kb/documentLink.do?externalID=FD40530

Thanks and best regards :)

ipranger · Answer

Ah, ok this was/is an issue: https://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=FD49028

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded