Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BK_LGW
New Contributor

Cert Error - SSH Inspection (FW Cert Has Been Installed On PC)

Hello all. Web filtering with Full SSL Inspection, we've deployed the FW default certificate to end user PCs and for the most part inspection runs without a hitch. Sometimes however we get a cert error like the one I've attached (I was testing to make sure the FW completely kills UltraSurf). The certificate says it's from *.fortinet.com when it should say it's from "ultrasurf.us" or whichever website the user was trying to get to in the first place. Why does this happen? I'd appreciate any guidance you can offer.

 

10 REPLIES 10
BK_LGW

Bromont_FTNT wrote:

You said you want to block ultrasurf.us right? So basically the Fortigate is trying to show the Blocked Page which of course would have the Fortinet certificate but the browser is expecting ultrasurf

Thanks for your reply. On some block pages that work properly, the certificate shows the webserver hostname as expected. How would I account for the *.fortinet.com name being used? Please see attached. 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors