Article Id 240332
Description This article explains why FortiGate still produces certificate errors for a website that uses an untrusted certificate, even after an exemption has been added for that website.
Scope FortiGate, SSL.

When using SSL exemptions, FortiGate exempts ONLY the content of the selected flows from inspection. An SSL exemption excludes the session from being 'deep scanned', and UTM inspection is disabled for it.


However, checks for trusted or untrusted certificates against the SNI or CN are still performed, because they happen during the SSL negotiation stage. As a result, the settings are split across two configuration menus:


Options for certificate inspection:




Options for SSL flow inspection exemptions:
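
The same separation expressed as CLI configuration, as an added example that is not part of the original article. The option names assume the FortiOS 7.x `config firewall ssl-ssh-profile` syntax, and the profile name and address object are hypothetical.

```text
# Added illustration; option names assume the FortiOS 7.x CLI.
# "kb-example-profile" and "exempt-site-fqdn" are hypothetical names.
config firewall ssl-ssh-profile
    edit "kb-example-profile"
        # Menu 1: certificate checks, evaluated during SSL negotiation.
        # These still apply to sessions that match an exemption below.
        config https
            set ports 443
            set status deep-inspection
            set untrusted-server-cert block
            set sni-server-cert-check enable
        end
        # Menu 2: exemptions. Matching sessions skip deep scanning and
        # UTM inspection only; the certificate checks are not skipped.
        config ssl-exempt
            edit 1
                set type address
                set address "exempt-site-fqdn"
            next
        end
    next
end
```

The handling of an untrusted certificate on an exempted site is therefore governed by the certificate options, not by the exemption list.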