Description | This article explains the cause of an issue where, after adding an exemption for a specific website, FortiGate produces errors about certificate issues when the website is using an untrusted certificate. |
Scope | Fortigate, SSL. |
Solution |
When using SSL exemptions, Fortigate will ONLY exempt the content of the selected flows from inspection. SSL exemption excludes the session from being 'deep scanned', and UTM inspection would be disabled.
However, checks for trusted or untrusted certificates against SNI or CN are still performed because this happens during the SSL negotiation stage. As a result, the settings are separated in two configuration menus:
Options for certificate inspection:
Options for SSL flow inspection exemptions:
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.