Fortinet Forum
mac987
New Contributor

Use new CA certificate in existing SSH/SSL security drop down, new cert not in drop down.

Hi

We are running version 6.2.3 on a FortiGate 301E.

I want to use a different SSL certificate on an existing SSL inspection policy to only inspect the headers, not full inspection.

I have created the CSR on the FG, got it signed by our trusted sub CA and imported it back into the FG as a local certificate successfully. It is now sitting in the FG cert store under local certificates.

When I select Security Profiles > SSH/SSL Inspection and select an existing profile, the settings are:

Multiple clients connecting to multiple servers

SSL Certificate Inspection

In the CA certificate dropdown my new certificate does not appear in the list.

When I try to create a new one and then upload it, it states the certificate already exists, which it does.

Does anybody have an idea why the new certificate is not showing in the drop-down?

Many thanks in advance

mac

1 Solution
boneyard
Valued Contributor

Perhaps because you uploaded a regular certificate and not a (sub) CA certificate, is that possible?

Anyway, for certificate inspection you don't need to upload a certificate, so why do this?

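The distinction the answer raises, a regular certificate versus a (sub) CA certificate, is recorded in the certificate's basicConstraints extension, so it can be checked on the signed file before importing it. The following is an added example, not part of the original posts or of Fortinet's tooling: it assumes the `openssl` CLI on a workstation, and the function names, file names and throwaway certificates are constructed for illustration.

```shell
# Added example: constructed certificates only, nothing here comes from the FortiGate.

# is_ca_cert FILE: succeeds when the PEM certificate carries basicConstraints CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'CA:TRUE'
}

# make_sample_cert KIND OUT: builds a throwaway self-signed certificate.
# KIND is "leaf" (CA:FALSE) or "subca" (CA:TRUE with keyCertSign).
make_sample_cert() {
    work=$(mktemp -d) || return 1
    cat > "$work/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed.example.test
[leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
[subca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config "$work/openssl.cnf" -extensions "$1" \
        -newkey rsa:2048 -nodes -keyout "$work/key.pem" -out "$2" \
        -days 1 >/dev/null 2>&1
    rc=$?
    rm -rf "$work"
    return $rc
}

# report FILE: prints whether the certificate is a CA or an end-entity certificate.
report() {
    if is_ca_cert "$1"; then
        echo "$1: CA certificate (basicConstraints CA:TRUE)"
    else
        echo "$1: end-entity certificate (no CA:TRUE), cannot sign other certificates"
    fi
}

# Demo on constructed input: one certificate of each kind.
tmp=$(mktemp -d)
make_sample_cert leaf "$tmp/leaf.pem" && report "$tmp/leaf.pem"
make_sample_cert subca "$tmp/subca.pem" && report "$tmp/subca.pem"
rm -rf "$tmp"
```

Running `report` against the certificate returned by the sub CA shows which of the two kinds was actually issued.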