Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Certificate error

Hi All, 1 of our customers is reporting certificate errors to all websites. We are using the default certificate inspection (please find config below) (certificate-insp~ion) # show full-configuration config firewall ssl-ssh-profile edit "certificate-inspection" set comment "Read-only SSL handshake inspection profile." config ssl set inspect-all disable end config https set ports 443 set status certificate-inspection end config ftps set status disable end config imaps set status disable end config pop3s set status disable end config smtps set status disable end config ssh set ports 22 set status disable set inspect-all disable set unsupported-version bypass set ssh-policy-check disable set ssh-tun-policy-check disable set ssh-algorithm compatible end set caname "Fortinet_CA_SSL" next end This is then matching an outbound internet policy. Here we also use the default web filter profile. As you can see we use the Fortigate_CA_SSL certificate. This customer does not use deep inspection and no changes have been made on the devices. any advice would be great.




Did you distribute the certificate to the end users? They have to install and trust that certificate at the endpoint, in the browser or the OS. If not, they will get the cert error.


Opinions expressed are my own and may not represent the official opinion of my employer.

Top Kudoed Authors