Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Dinesh_FTNT
Staff
Staff

Created on ‎09-10-2019 04:59 AM Edited on ‎10-26-2024 06:13 AM By Moderator

Article Id 196409

Technical Tip: How to View the Default Trusted CA Certificates on FortiGate

Description

This article describes the steps to view the Default Trusted CA certificates, including those that are part of the 'Certificate Bundle' package that is updated via FortiGuard communications.

Solution

To view in the GUI, go to Security Profiles -> SSL/SSH inspection and select any SSL/SSH inspection profile from the list.

KB img.PNG
After, select 'View Trusted CA List'.

Stephen_G_0-1729948305453.png


In the pane that appears on the right, the trusted CAs certificates are visible. This will include CA certificates that are inside the 'Certificate Bundle' (CRDB) package that is automatically updated via FortiGuard.

To view them in the CLI, the following command can be used to list the trusted CA certificates:

 

execute vpn certificate ca export tftp ?
<string> local certificate name
ACCVRAIZ1
AC_RAIZ_FNMT-RCM
AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS
ANF_Secure_Server_Root_CA
Actalis_Authentication_Root_CA
AffirmTrust_Commercial
<.....>

20554
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.