bkarl
Staff
Article Id 305034
Description

The article explains how to distribute a Fortinet Root or Intermediate Certificate (CA) to ensure that devices on the network trust the certificate used by the FortiGate, especially in the case of SSL Inspection or SSL VPN. This is done using Group Policies (GPO) in an Active Directory environment.

Scope

FortiOS, Windows Server.

Solution

Go to Group Policy Management on the Windows Server.

Create a new GPO if one does not already exist.

In this case, the GPO's name is 'test'. Right-click it and select 'Edit'.

Then navigate to Computer Configuration -> Windows Settings -> Security Settings -> Public Key Policies -> Trusted Root Certification Authorities. Right-click it and choose the Import option, select 'Next', choose the path where the certificate file is, then finish the installation.

The client PCs can either be restarted or have the GPO manually synced by running the following command:

gpupdate /force

Fortinet devices do not apply GPOs directly; this is an Active Directory functionality.
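
To confirm on a client that the policy actually delivered the certificate after `gpupdate /force`, the check below can be run in PowerShell. It is an added example, not part of the original article or Fortinet's tooling; the file path `C:\Temp\FortiGate_CA.cer` is an assumed placeholder for the same CA file that was imported into the GPO.

```powershell
# Added example: verify a GPO-distributed CA certificate on a Windows client.
param(
    # Assumed path: the same CA certificate file that was imported into the GPO.
    [string]$CertPath = 'C:\Temp\FortiGate_CA.cer'
)

$ErrorActionPreference = 'Stop'
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# A certificate placed in Trusted Root should be a CA certificate:
# find the Basic Constraints extension (OID 2.5.29.19) and read its CA flag.
$isCa = $false
$ext  = $ca.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
if ($ext) {
    $bc = New-Object System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension `
            -ArgumentList $ext, $ext.Critical
    $isCa = $bc.CertificateAuthority
}

$thumb = $ca.Thumbprint

# Effective machine-wide Trusted Root store (what Windows applications consult).
$storePath = "Cert:\LocalMachine\Root\$thumb"

# Certificates delivered by Group Policy are kept under the Policies key,
# separate from certificates that were imported by hand on the machine.
$policyPath = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$thumb"

[pscustomobject]@{
    Subject           = $ca.Subject
    Issuer            = $ca.Issuer
    Thumbprint        = $thumb
    NotAfter          = $ca.NotAfter
    Expired           = $ca.NotAfter -lt (Get-Date)
    IsCA              = $isCa
    FileHasPrivateKey = $ca.HasPrivateKey   # the distributed file should carry the certificate only
    InTrustedRoot     = Test-Path $storePath
    DeliveredByGPO    = Test-Path $policyPath
}
```

If `InTrustedRoot` is true while `DeliveredByGPO` is false, the certificate reached that machine by some route other than this GPO. If both are false after `gpupdate /force`, the GPO is not linked to or applied on that computer.
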

Comments
lpedraza
Staff

@bkarl Thank you so much for your contribution!!! Please keep up the great work!

lpedraza
Staff

@Stephen_G We do appreciate your contribution!!!