This article describes how to use custom certificate for error /
block page when using explicit proxy.
# config web-proxy global Note:
set ssl-cert "Fortinet_Factory"
set ssl-ca-cert "Fortinet_CA_SSL" <----- Replace this certificate with certificate.
set fast-policy-match enable
The certificate used for block page, has the CA flag set to ‘True’ as the FortiGate tries to intercept the traffic with a replacement message.
If the CSR is not generated on the FortiGate, certificate is imported along with the private key to FortiGate.