Hello everyone,
I am working on implementing FortiClient 7.2.4 trial.
I did import a web filter profile from our FortiGate and enabled ssl deep inspection.
Now it does not seem that FortiClient EMS imports the SSL inspection certificate which is used from FortiGate (and trusted by the clients).
I did not find any setting to let me control the certificate used for ssl deep inspection in FortiClient EMS... Anyone knowing where to set the certificate used for deep inspection in FortiClient EMS?
Edit: Ok seems like forcing to install the FortiClient extension gets rid of invalid ssl certificate warnings. Is this the way to go then?
But I still get certificate warnings when starting Outlook... So how do I set this up correctly?
The fortigate deep inspection certificate must be installed on the end user’s machine under the truster root ca certificates
You can push the deep inspection certificates using EMS , Please check this doc
I already have a running setup with a FortiGate and deep inspection profile.
This is not my problem.
It seems like FortiClient EPP/APT deep inspection using a seperate "FortiClient certificate" which is untrusted by the clients.
Hi @miciti
If you are seeing the certificate warning when accessing the website then simply check the certificate details to find the CA who signed it.
Refer to the article: https://www.globalsign.com/en/blog/how-to-view-ssl-certificate-details.
Certificate details let you know whether CA is Fortigate or something else.
Regards,
Rahul Kaushik
Hi,
thank you very much for your replies!
I tried to reproduce the issue get a screenshot from the "FortiClient" cert issued by "Fortinet support" that produced the certificate error but it seems the issue was fixed somehow. Maybe there was a configuration error in EMS or the web filter sync to FortiGate was broken, do not know but for now it is working as intended.
Created on 07-25-2024 04:09 AM Edited on 07-25-2024 04:10 AM
Hi,
today the issue appeared again. This time I took a screenshot from the certificate.
There is a FortiClient certificate issued by fortinet support...
This certificate is definitely not used by my FortiGate when doing SSL inspection.
Anyone here having an idea? I would gladly solve that before buying licenses for all our computers... (currently on trial, issue apperas on all three test computers)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.