remzi
New Member
December 3, 2021
Question

SSL Inspection with Wildcard Certificate Error


Hi,

I want to enable deep SSL inspection at my company. If I wanted to use this feature for domain users, I would deploy the Fortinet CA to my clients with GPO. But I want to use this feature for my guests. It is not possible to add a trusted CA on their computers. In this case I tried to upload my wildcard certificate to use for SSL inspection. But I am getting a trust error when I go to any website. Is there another type of certificate to use for SSL inspection?

2 replies

bpozdena_FTNT
Staff
December 7, 2021

You should not use deep packet inspection on traffic from devices that you do not manage. Use the standard certificate inspection profile for guest devices instead.

 

More info at https://docs.fortinet.com/document/fortigate/6.4.2/administration-guide/505842/certificate-inspection 

pavankr5
Staff
August 1, 2023

Enabling deep SSL inspection for guest users can be challenging since you cannot deploy a trusted CA certificate on their computers. Using a wildcard certificate for SSL inspection is likely to cause trust errors for most websites.

Instead, you can consider using a "self-signed certificate" specifically for SSL inspection purposes.

Thanks

Pavan