Fortinet Forum
ffischer
New Contributor III

Websites using certificates from Let's Encrypt are blocked: expired certificate

Seeing this here on FortiOS 6.4.7 with SSL inspection enabled, since yesterday, 30 Sept 2021.

Likely a server misconfiguration. More details in my post here: https://forum.fortinet.com/FindPost/199137
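The failure in the title, modelled as an added example (written for this page; it is not code from the thread, from Fortinet or from Let's Encrypt). It generates a throwaway stand-in for the September 2021 Let's Encrypt hierarchy with Python's `cryptography` package: the leaf is issued by R3, R3 by ISRG Root X1, and the server sends the then-default chain ending in the ISRG Root X1 cross-certificate issued by DST Root CA X3, the root that expired on 30 Sept 2021. Two verifiers are compared: one that follows the server's chain in the order sent, which fails with an expired certificate once DST Root CA X3 is past its notAfter, and a path-building one that finds the alternative path to the self-signed ISRG Root X1 if, and only if, that root is in the trust bundle. The in-order verifier is a simplified model, not a description of how FortiOS builds chains; the names and dates mirror the public hierarchy, but every certificate and key below is generated locally and the hostname `example.test` is invented.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Constructed dates (naive UTC): DST Root CA X3's real notAfter and a day either side of it.
DST_EXPIRY = dt.datetime(2021, 9, 30, 14, 1, 15)
DAY_BEFORE_EXPIRY = dt.datetime(2021, 9, 29)
DAY_AFTER_EXPIRY = dt.datetime(2021, 10, 1)

def make_cert(subject_cn, subject_key, issuer_cn, issuer_key, nb, na, ca=True):
    """Bare-bones demo certificate: CN, validity window and BasicConstraints only."""
    name = lambda c: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, c)])
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn)).issuer_name(name(issuer_cn))
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(nb).not_valid_after(na)
            .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def is_valid_at(cert, now):
    """now is naive UTC; cryptography >= 42 exposes aware *_utc datetimes, older versions naive."""
    nb = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before
    na = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after
    return nb.replace(tzinfo=None) <= now <= na.replace(tzinfo=None)

def signed_by(cert, issuer):
    """True if issuer's public key verifies cert's signature (all demo keys are P-256)."""
    try:
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return False
    return True

def cn(cert):
    return cert.subject.rfc4514_string()

def verify_sent_chain(sent, anchors, now):
    """Naive verifier: walks the server's chain in the order sent and never backtracks,
    so an expired root at the end of the cross-signed path is fatal. Returns (ok, reason)."""
    for i, c in enumerate(sent):
        if not is_valid_at(c, now):
            return False, "expired certificate: " + cn(c)
        if i + 1 < len(sent) and not signed_by(c, sent[i + 1]):
            return False, "bad signature on " + cn(c)
    last = sent[-1]
    for a in anchors:
        if a.subject == last.issuer and signed_by(last, a):
            if is_valid_at(a, now):
                return True, "chain ends at trusted " + cn(a)
            return False, "expired certificate: " + cn(a)
    return False, "no trusted issuer for " + cn(last)

def build_path(leaf, sent, anchors, now):
    """Path-building verifier: tries every issuer candidate (trust anchors before server-sent
    intermediates) and backtracks past expired ones. Returns CN list leaf..anchor, or None."""
    fp = lambda c: c.fingerprint(hashes.SHA256())
    anchor_fps = {fp(a) for a in anchors}

    def search(cert, path):
        if not is_valid_at(cert, now):
            return None
        path = path + [cert]
        if fp(cert) in anchor_fps:
            return [cn(c) for c in path]
        seen = {fp(p) for p in path}
        for cand in anchors + sent:
            if cand.subject == cert.issuer and fp(cand) not in seen and signed_by(cert, cand):
                found = search(cand, path)
                if found:
                    return found
        return None

    return search(leaf, [])

def demo_pki():
    """Constructed stand-in for the Let's Encrypt hierarchy of September 2021 (not real certs)."""
    dst_k, isrg_k, r3_k, leaf_k = (ec.generate_private_key(ec.SECP256R1()) for _ in range(4))
    D = dt.datetime
    dst = make_cert("DST Root CA X3", dst_k, "DST Root CA X3", dst_k, D(2000, 9, 30), DST_EXPIRY)
    isrg = make_cert("ISRG Root X1", isrg_k, "ISRG Root X1", isrg_k, D(2015, 6, 4), D(2035, 6, 4))
    # Cross-sign: ISRG Root X1's key certified by DST Root CA X3; the cross-cert itself is unexpired.
    isrg_x = make_cert("ISRG Root X1", isrg_k, "DST Root CA X3", dst_k, D(2021, 1, 20), D(2024, 9, 30))
    r3 = make_cert("R3", r3_k, "ISRG Root X1", isrg_k, D(2020, 9, 4), D(2025, 9, 15))
    leaf = make_cert("example.test", leaf_k, "R3", r3_k, D(2021, 8, 1), D(2021, 10, 30), ca=False)
    return [leaf, r3, isrg_x], {"dst": dst, "isrg": isrg}   # default served chain, trust roots

def run(now):
    """Verify the served chain against an old bundle (DST only) and a current one (plus ISRG)."""
    sent, roots = demo_pki()
    old_store, new_store = [roots["dst"]], [roots["dst"], roots["isrg"]]
    return {
        "in_order": verify_sent_chain(sent, new_store, now),   # same outcome with old_store
        "path_old": build_path(sent[0], sent[1:], old_store, now),
        "path_new": build_path(sent[0], sent[1:], new_store, now),
    }

if __name__ == "__main__":
    print({when: run(when) for when in (DAY_BEFORE_EXPIRY, DAY_AFTER_EXPIRY)})
```

Run as a script it prints the results for the day before and the day after the expiry: after it, the in-order check fails on DST Root CA X3, path building with a bundle that lacks the self-signed ISRG Root X1 fails too, and only the bundle containing ISRG Root X1 yields a valid path. The two things to check in practice follow from that: which roots the inspecting firewall actually trusts, and which chain the server actually sends (a server that serves the short chain ending at ISRG Root X1 never offers the expired path). The model does not cover the firewall fetching issuer certificates over the network; that is a separate mechanism from the chain the server sends.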


1 Solution
it_service
New Contributor II

Didn't like having to switch to flow mode or accept any invalid certs. Issue on 6.4.5 resolved (temporarily, till FG has a better fix avail.) by the following workaround:

1: verify cert bundle is v28
    diag autoupdate versions
    execute update-now

2: apply DNS blackhole workaround:
    config system dns-database
        edit "1"
            set domain "identrust.com"
            config dns-entry
                edit 1
                    set hostname "apps"
                    set ip 127.0.0.1
                next
            end
        next
    end

3a: flow-mode:
    diag ips share clear cert_verify_cache

3b: proxy-mode:
    diag test app wad 99
