Hi All, 1 of our customers is reporting certificate errors to all websites. We are using the default certificate inspection (please find config below) (certificate-insp~ion) # show full-configuration config firewall ssl-ssh-profile edit "certificate-inspection" set comment "Read-only SSL handshake inspection profile." config ssl set inspect-all disable end config https set ports 443 set status certificate-inspection end config ftps set status disable end config imaps set status disable end config pop3s set status disable end config smtps set status disable end config ssh set ports 22 set status disable set inspect-all disable set unsupported-version bypass set ssh-policy-check disable set ssh-tun-policy-check disable set ssh-algorithm compatible end set caname "Fortinet_CA_SSL" next end This is then matching an outbound internet policy. Here we also use the default web filter profile. As you can see we use the Fortigate_CA_SSL certificate. This customer does not use deep inspection and no changes have been made on the devices. any advice would be great.
Thanks
Did you distribute the certificate to the end users? They have to install and trust that certificate at the endpoint, in the browser or the OS. If not, they will get the cert error.
---
Opinions expressed are my own and may not represent the official opinion of my employer.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.