FortiGate 100E – SSL inspection causes NET::ERR_CERT_COMMON_NAME_INVALID on HTTPS sites (e.g. Google

FNAC · ‎11-05-2025

Hi experts,

I am experiencing a certificate warning when users browse HTTPS websites such as Google.

The browser shows:

Your connection isn’t private
NET::ERR_CERT_COMMON_NAME_INVALID

Device Details:

Model: FortiGate 100E
Firmware: v6.2.16 build1392 (GA)
SSL Inspection Mode: Deep inspection (certificate inspection using Fortinet_CA_SSL)
Web Filter: Enabled
FortiGate certificate is already imported into client trusted root store
FortiGate DNS cache has been flushed (diagnose test application dnsproxy 8)
Tested browsers: Chrome, Edge (same issue)

Troubleshooting Done:

Verified system time on FortiGate and client
Flushed DNS cache on FortiGate and PC
Imported Fortinet_CA_SSL into Windows and Chrome store
Checked if FortiGate is presenting a mismatched CN (shows FortiGate CA instead of Google CN)

Question:

Is this a known issue with v6.2.16 build1392?

Any official Fortinet patch or workaround to fix SSL deep inspection mismatch?

AEK · ‎11-08-2025

Hi FNAC

In normal working, the DPI profile sets the certificate CN to the requested FQDN.

Did you configure an authentication portal in your FGT? If so then disable it and redo the test.
Can you rebuild a DPI profile from scratch, use it in your firewall rule and redo the test?

AEK

Nominate a Forum Post for Knowledge Article Creation