Hi All,
We have Fortigate 100D model with 6.2.15 version, recently we are facing issue with zoom app while accessing it and getting the below error.
We have validate the certificate on fortinet, its not expired and valid as well. Tried to download the certificate which are we using security profile as 'certificate inspection' in policy and inspection mode is set to proxy mode and added this certificate to the browser as well but no luck. When we changed inspection mode to flow based it started working as expected. But we want it should work on proxy mode with security profile as "certificate inspection'.
Could you please provide the solution?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
yes it needs to be installed into the certificate space "trusted certificate authorities" on your client(s).
Once this is achieved the browsers will trust that certificate because they will trust the CA.
That is because of basic functionallity of ssl deep inspection:
DPI is a man-in-the-middle thingy. The FGT will have to decrypt the encrypted https/ssl traffic to be able to inspect it with its filters. Afterwards it will have to re-encrypt it since the client expects encrypted traffic. Since it cannot do re-encryption using the original certificate - because it doesn't have the private key - it will use the CA you set in Deep Inspection Profile to create and sign a new certificate that has the original DN/SAN in it and use that to re-encrypt the traffic. Then if you haven't installed the CA as trusted CA the browswer on the client will not trust this certifcate for it is not signed by a trusted CA.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hi Ankit,
A Quick update here,
Regards
Hi All,
Thanks for supporting. The got resolved now:)
To block the Zoom application on your computer, you can utilize application control or blocking features available in certain security software or parental control tools. The specific steps may vary depending on the software you are using, but here is a general guide to help you through the process. First, identify the software or tool you are using for application control or blocking. It could be a third-party security software or built-in parental control settings on your operating system. Open the software or access the settings panel where you can configure application control or blocking.
Next, look for an option that allows you to add or block specific applications. This feature might be labeled as "Application Control," "Program Blocking," or something similar. Locate this option within the software's interface.
Hi Ankit1,
I hope you're well.
You want to download the Fortinet_CA_SSL and install this on the endpoint not the Fortinet_CA_Untrusted you previously tried. I would clear the SSL cache on the device and then install that certificate and that will do the trick and resolve the certificate error
Regards,
Dan.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.