mac987
New Member
November 23, 2020
Solved

Use new CA certificate in existing SSH/SSL security drop down, new cert not in drop down.


Hi

We are running version 6.2.3 on a FortiGate 301E.

I want to use a different SSL certificate on an existing SSL inspection policy to only inspect the headers, not full inspection.

I have created the CSR on the FG, got it signed by our trusted sub-CA and imported it back into the FG as a local certificate successfully. It is now sitting in the FG cert store under local certificates.

When I select Security Profiles > SSH/SSL Inspection and select an existing profile, the settings are:

Multiple clients connecting to multiple servers

SSL Certificate Inspection

In the CA certificate dropdown my new certificate does not appear in the list.

When I try and create a new one then upload, it states the certificate already exists, which it does.

Does anybody have an idea why the new certificate is not showing in the drop down?

Many thanks in advance

mac

    Best answer by boneyard

    boneyard
    Esteemed Contributor III
    November 23, 2020

    Perhaps because you uploaded a regular certificate and not a (sub) CA certificate, is that possible?

    Anyway, for certificate inspection you don't need to upload a certificate, so why do this?
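
One way to check the hypothesis in the answer above, as an added example that is not part of the original thread: the script reports whether a PEM certificate, such as the file returned by the sub-CA, carries the X.509 basicConstraints CA:TRUE flag. It assumes the openssl CLI is installed; the function names and the sample certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report whether a PEM certificate is marked as a CA
# (X.509 basicConstraints CA:TRUE). Assumes the openssl CLI is installed.

# is_ca_cert FILE: exit 0 if basicConstraints contains CA:TRUE, else 1.
# A certificate with no basicConstraints extension is treated as non-CA.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | grep -A1 'X509v3 Basic Constraints' \
        | grep -q 'CA:TRUE'
}

# report FILE: print a one-line verdict for FILE.
report() {
    if is_ca_cert "$1"; then echo "$1: CA certificate"
    else echo "$1: not a CA certificate"; fi
}

# make_sample_cert OUT CONSTRAINT: write a constructed, self-signed test
# certificate with basicConstraints=CONSTRAINT (hypothetical helper).
make_sample_cert() {
    local cfg
    cfg=$(mktemp)
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = constructed-sample
[ext]
basicConstraints = critical,$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -keyout "$1.key" -out "$1" 2>/dev/null
    local rc=$?
    rm -f "$cfg" "$1.key"   # the throwaway key and config are not needed
    return $rc
}

# With file arguments, check those; with none, run on constructed samples.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do report "$f"; done
else
    demo=$(mktemp -d)
    make_sample_cert "$demo/subca.pem" "CA:TRUE"
    make_sample_cert "$demo/leaf.pem" "CA:FALSE"
    report "$demo/subca.pem"
    report "$demo/leaf.pem"
    rm -rf "$demo"
fi
```
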