Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
remzi
New Contributor

SSL Inspection with Wildcard Certificate Error

Hi,

I want to enable deep SSL Inspection in my company. If I wanted to use this feature for domain users, I would deploy the Fortinet CA to my clients with GPO. But I want to use this feature for my guests. It is not possible to add a trusted CA on their computers. In this case I tried to upload my wildcard certificate to use for SSL Inspection. But I am getting a trust error when I go to any website. Is there another type of certificate to use for SSL Inspection?

2 REPLIES
bpozdena_FTNT

You should not use deep packet inspection on traffic from devices that you do not manage. Use the standard certificate inspection profile for guest devices instead.

 

More info at https://docs.fortinet.com/document/fortigate/6.4.2/administration-guide/505842/certificate-inspectio... 

HTH,
Boris
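
The recommendation above expressed as FortiGate CLI, as an added example that is not part of the original thread: managed domain clients, which trust the FortiGate CA through GPO, get the built-in deep-inspection profile, while guests get the built-in certificate-inspection profile. Interface and policy names are hypothetical, and the syntax assumes FortiOS 6.4 as in the linked guide.

```fortios
# Added example. Interface names ("lan", "guest-wifi", "wan1") and policy
# names are hypothetical; adjust to the local configuration.
config firewall policy
    # Managed domain clients: the FortiGate CA is already trusted via GPO,
    # so re-signed certificates validate and traffic can be decrypted.
    edit 0
        set name "domain-users-deep"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set webfilter-profile "default"
        set nat enable
    next
    # Guest devices: no CA can be installed on them, so do not decrypt.
    # Certificate inspection only reads the TLS handshake (SNI and server
    # certificate), so the browser still sees the site's own certificate.
    edit 0
        set name "guest-cert-inspect"
        set srcintf "guest-wifi"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "default"
        set nat enable
    next
end
```

With this split, guest traffic can still be filtered by hostname and category, but content-level scanning of HTTPS payloads applies only to the managed clients.
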
pavankr5
Staff

Enabling deep SSL inspection for guest users can be challenging since you cannot deploy a trusted CA certificate on their computers. Using a wildcard certificate for SSL inspection is likely to cause trust errors for most websites.

Instead, you can consider using a "self-signed certificate" specifically for SSL inspection purposes.

Thanks

Pavan
