Technical Tip: How to validate the certificate dat...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 420780

Description

This article explains how to validate the expiration date of SSL-inspection certificates on FortiGate, with instructions for confirming the certificate status from the client’s browser.

Scope

FortiGate.

Solution

Download and install the FortiGate CA Certificate on the client pc.

Certification shows the Validation date as below: Valid from 14-11-2025 to 15-11-2035.

CA FGT Certificate.png

The valid date issued by CA shows 10 years.
After installation on the client Pc under Trusted Root Certificate.
Try to access any URL, like public websites. It will show a validity from 9/05/2025 to 12/05/2025.

The CA issues the duration for the current websites; it will keep changing every time, but the same valid date will be visible on the browser:

Select Certification valid -> Certification Path.
Under the FortiGate Serial number, the Website SNI will be visible.
Select the GortiGate Serial Number, CA Certificate validation shows the same as the Deep_Inspection Certificate.

CA certificate validation.png

To verify the original Certificate Validation for the website, it can be verified from a third-party website.

SSL Shopper.png

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: How to validate the certificate date between FortiGate SSL Inspection and Client Browser

You are leaving our website