FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 274168
Description This article describes how to download the right certificate for SSL/SSH deep inspection.
Scope FortiGate 6.4, 7.X.

In order to do a deep inspection of the traffic that flows through the FortiGate, it is necessary to install a FortiGate certificate in the PCs or stations that generate the traffic.


Navigate to the menu System -> Certificates, then many certificates will appear but there is a simple way to download the right certificate to achieve a successful deep inspection.




  • Identify the certificate configured in the policy that matches the traffic that needs to be inspected.
  • Select the Download button.

Following this procedure ensures to have the right certificate.