jpatel
Staff
Article Id 196847

Description

 
This article describes the issue of iPhone and iPad devices accessing a website that is protected by a FortiGate web filter with SSL Full Inspection.
iPhone and iPad users will get an 'Untrusted security certificate' error prompt.

This is a known behavior with FortiGate CA certificates on iOS devices, where the device is not able to locate the intermediate CA and shows an error message.


Scope

 

FortiGate, BYOD ('Bring Your Own Device') clients, iOS mobile devices.


Solution

 

There are 2 options to install the CA certificate on iOS/BYOD clients: either install the CAs on the BYOD clients manually, or use some sort of MDM (Mobile Device Management) and NAC (Network Access Control) to install the certificates on the BYOD machines, or have a redirection page/captive portal from which to download the certificate.
 
If MDM and NAC are not available, the only solution is to download and install the certificate on the iOS/BYOD clients.
 
To manually download and install the CA certificate from the FortiGate to the clients:
 
Download the FortiGate CA from the Web Based Manager (GUI).

  • Go to System -> Certificates -> Local Certificates.
  • Select Fortinet_CA_SSLProxy (the same applies to any other certificate that needs to be used for SSL inspection).
  • Select Download.
  • Save the file Fortinet_CA_SSLProxy.cer (or any other related CA file if another certificate needs to be used).
 

 

 

Follow the steps below to import the FortiGate CA certificate into an iOS device:
 
  1. Download the iPhone configuration utility.
  2. Make sure the certificate is installed on the machine.
  3. Launch the tool.
  4. Select the configuration profiles workspace area.
  5. Select the new button.
  6. Under 'General', select a name such as 'Root Certificate Trust', and all other mandatory fields.
  7. Select the credentials area, and select the configure button.
  8. Select the certificate to trust, then select OK.
  9. Connect the iOS device.
  10. The device will show under Devices. Select it.
  11. Select the Devices Configuration Profiles tab.
  12. The new profile will be displayed. Select Install.
  13. A message will be displayed on the iOS device prompting the user to select Install. Select Install on the device.
  14. Select 'Install now' at the confirmation prompt.
  15. A passcode will be requested, then the screen will change to show the profile as installed. Select the Done button.
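
The profile created in steps 4 to 8 is a property list that carries the CA in a certificate payload. The following Python is an added example, not code from this article, Fortinet or Apple: it checks the downloaded file against a SHA-256 fingerprint obtained out of band from the firewall administrator and only then builds an equivalent .mobileconfig. The identifier `com.example.fortigate-ca`, the function names and the sample bytes are assumptions.

```python
import hashlib
import plistlib
import ssl
import uuid

def load_der(raw: bytes) -> bytes:
    """Return DER bytes whether the downloaded .cer is PEM or DER encoded."""
    if raw.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(raw.decode("ascii"))
    return raw

def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of the DER certificate."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def build_verified_profile(raw: bytes, expected_fp: str,
                           name: str = "Root Certificate Trust",
                           identifier: str = "com.example.fortigate-ca",
                           filename: str = "Fortinet_CA_SSLProxy.cer") -> bytes:
    """Build a .mobileconfig only if the file matches the expected fingerprint."""
    der = load_der(raw)
    clean = lambda s: s.replace(":", "").replace(" ", "").upper()
    if clean(sha256_fingerprint(der)) != clean(expected_fp):
        raise ValueError("certificate fingerprint mismatch; refusing to build profile")
    cert_payload = {
        "PayloadType": "com.apple.security.root",  # CA certificate payload
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".cert",  # assumed identifier
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": filename,
        "PayloadCertificateFileName": filename,
        "PayloadContent": der,  # plistlib serializes bytes as <data>
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,  # assumed identifier
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": name,  # the name chosen in step 6
        "PayloadContent": [cert_payload],
    }
    return plistlib.dumps(profile)

if __name__ == "__main__":
    # Constructed placeholder bytes standing in for the downloaded CA file.
    sample = b"\x30\x82constructed-not-a-real-certificate"
    print(build_verified_profile(sample, sha256_fingerprint(sample)).decode())
```

Checking the fingerprint before distribution matters because every device that installs and trusts this CA will accept any certificate it signs.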
 

Related articles:

Technical Tip: How to enable deep inspection and import a certificate in the browser

Technical Tip: How to import FortiGate CA certificates into Android devices