FortiGate
mpandya
Staff
Article Id 267932
Description This article explains the procedure to import a FortiGate deep SSL certificate.
Scope FortiGate.
Solution

Importing a FortiGate Deep SSL Inspection certificate into a system involves multiple steps. Deep SSL inspection involves intercepting and decrypting SSL/TLS traffic to inspect its contents for security purposes. Note that these steps can vary based on the specific FortiGate version and the operating system in use. Below is a general outline of the process:

 

  1. Obtain the SSL certificate: Obtain the SSL certificate that the FortiGate unit uses for deep SSL inspection. This could be a self-signed certificate or a certificate signed by the organization's Certificate Authority (CA).

  2. Export the SSL certificate: Export the SSL certificate from the FortiGate unit. This can typically be done from FortiGate's web-based management interface or command-line interface (CLI).

  3. Copy the certificate to the system: Transfer the exported SSL certificate and private key to the local system. It is recommended to use secure methods like SFTP, SCP, or a secure file-sharing service.

  4. Import the Certificate:

    On Windows:
    1. Open the Windows 'Certificate Manager' (certmgr.msc) console as an administrator.
    2. Navigate to the 'Trusted Root Certification Authorities' or 'Personal' store, depending on where the certificate is to be installed.
    3. Right-click the store and choose All Tasks -> Import...
    4. Follow the wizard to import the certificate. Make sure to select the option to include the private key if applicable.
                                                                                                      


 

On Firefox:

If the Firefox browser is in use, the certificate must be installed directly in the browser itself.

  1. Launch the Firefox browser.
  2. Select the menu button (three horizontal lines) in the upper right corner, and select Settings.
  3. Scroll down and select 'Privacy & Security' in the left sidebar. Use the search bar to search for 'Certificates'.
  4. In the Certificate Manager window, go to the 'Authorities' tab, select the Import button and navigate to the location where the FortiGate certificate file is saved, select it, and select 'Open'.
                                                                                                                                     


        

On macOS:

  1. Open the 'Keychain Access' application.
  2. Go to the 'File' menu and choose 'Import Items...'.
  3. Browse to the certificate file exported earlier and import it. Make sure to import it to the appropriate keychain (such as 'login' or 'System'), depending on the use case.

 

On Linux:

  1. Depending on the Linux distribution and desktop environment, there may be different tools to manage certificates. On GNOME-based desktops, the 'Seahorse' application can be used.
  2. Open the certificate manager and import the certificate.
  3. Trust the Certificate: It may be necessary to mark the certificate as trusted to ensure that the system trusts the FortiGate SSL certificate for deep SSL inspection. This step can involve moving the certificate to a trusted store or adjusting trust settings.
  4. Restart Applications: In some cases, it may be necessary to restart the web browser or other applications that use SSL/TLS to establish connections. This will ensure that they recognize the newly imported certificate.

Note that the specific steps can vary depending on the operating system, FortiGate version, and the organization's security policies. Always follow the organization's guidelines and best practices for certificate management.
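
Before running the import step on any of the platforms above, the exported file can be checked from a shell. The script below is an added example, not part of the original article or Fortinet tooling. It assumes a PEM-encoded export, the `openssl` command-line tool, and an expected SHA-256 fingerprint obtained from the FortiGate over a separate trusted channel; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Fortinet code. Assumes a PEM export and the openssl CLI.

# Print FILE's SHA-256 fingerprint as uppercase hex without colons.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# check_inspection_ca FILE EXPECTED_SHA256
# Returns 0 only when FILE passes every check; 1-4 name the failed check.
check_inspection_ca() {
    file=$1
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')

    # 1. A trust store needs only the public certificate. A file that also
    #    holds the CA private key lets whoever reads it sign trusted certificates.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$file"; then
        echo "REJECT: $file contains a private key" >&2
        return 1
    fi

    # 2. The file must parse as an X.509 certificate.
    if ! openssl x509 -in "$file" -noout 2>/dev/null; then
        echo "REJECT: $file is not a PEM certificate" >&2
        return 2
    fi

    # 3. Deep inspection re-signs server certificates, so the certificate
    #    clients trust for it must be a CA (basicConstraints CA:TRUE).
    if ! openssl x509 -in "$file" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; then
        echo "REJECT: $file is not a CA certificate" >&2
        return 3
    fi

    # 4. Compare against the fingerprint read from the FortiGate itself.
    actual=$(cert_sha256 "$file")
    if [ "$actual" != "$expected" ]; then
        echo "REJECT: fingerprint $actual does not match the expected value" >&2
        return 4
    fi
    echo "OK: $file sha256=$actual"
}
```

Source the file and call `check_inspection_ca exported-ca.pem <fingerprint>` (placeholder file name); a non-zero return means the file should not be added to a trust store.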