Wildcard certificate for deep SSL inspection ? How to ???

Forum|Forum|7 years ago
August 6, 2018
1 reply
13503 views

Hi all,

I know this has been debated many times, but still can't solve it.

I have a wildcard valid SSL certificate which I try to importe to my FortiGate. Of course, I have all relevant information, including private key.

No matter what I do, it gets imported to "Certificates" rather than "Local Certificates". I can use it as my Fortinet certificate, I can use it for VPN SSL, but I can not use it for deep inspection.

I'm trying different formats, but the results is always the same. Is there any valid procedure for that?

Best answer by emnoc

Impossible, you need to deploy a certificate or the web-browser will have cert-issuer errors . If you want MiTM you are forging certificates on the fly and the CA ( fortigate ) has to be trusted . No way around this.

You could also look at explicit proxy but you have to provide the proxy details to the client

Ken

Bromont_FTNT

Staff

Is that wildcard cert also a signing certificate? (CA:TRUE) Unlikely.... You'll need to create your own and import your root/intermediate into your workstations.

Philippe_ASTIERAuthor

New Member

Well CA:FALSE.... Damn.

Let's put it the other way round.

I need to do deep inspection, and can NOT deploy a certificate, as there will be many guests to which I can not deploy it.

Any plan for this ?

emnocAnswer

New Member

Impossible, you need to deploy a certificate or the web-browser will have cert-issuer errors . If you want MiTM you are forging certificates on the fly and the CA ( fortigate ) has to be trusted . No way around this.

You could also look at explicit proxy but you have to provide the proxy details to the client

Ken

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded