| Description | This article explains the cause of an issue where, after adding an exemption for a specific website, FortiGate produces errors about certificate issues when the website is using an untrusted certificate. |
| Scope | Fortigate, SSL. |
| Solution |
When using SSL exemptions, Fortigate will ONLY exempt the content of the selected flows from inspection. SSL exemption excludes the session from being 'deep scanned', and UTM inspection would be disabled.
However, checks for trusted or untrusted certificates against SNI or CN are still performed because this happens during the SSL negotiation stage. As a result, the settings are separated in two configuration menus:
Options for certificate inspection:
Options for SSL flow inspection exemptions:
|
