IT_N00b
New Contributor II

Fortianalyzer Server certificate is re-signed as untrusted issue for bing

Hi all,

Generally new with Fortigate and its products. I feel like I have EMS handled well, but now with fortianalyzer it's a whole new field. In our logs we are getting absolutely spammed with "Server certificate is re-signed as untrusted, certificate-status: untrusted with reason: {} " notifications after I allowed our EDM (bitdefender) to enable a policy to use TLS 1.2.

I am unsure how to resolve this issue, and I am not even sure IF I should resolve it or edit the analyzer to ignore this. I can see how to revert the encryption support policy in the local GP editor but can't find it in the global GPO on our domain controller; not exactly sure how our bitdefender is doing it for all devices, but that is something I will be looking into shortly.

My question is: Should I find a way to re-disable the TLS encryption on all devices to stop this error from showing up in our logs? Or should I disable the error or mark it as a false positive? I can't find out much detail on fortianalyzer from the error in the log, but according to the email it sends, it seems like bing.com is the only site that's mentioned in these errors.

Thank you,


#Fortianalyzer 

4 replies
Jean-Philippe_P
Moderator

Hello IT_N00b, 


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 


Thanks, 

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello,


We are still looking for an answer to your question.


We will come back to you ASAP.


Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello IT_N00b,


I discussed this with an engineer and it appears that there is no documentation that can help you. 


The best would be to ask assistance here: https://www.fortinet.com/support/contact


I hope your issue will be fixed soon and let us know if you find a solution meanwhile.


Regards,

Jean-Philippe - Fortinet Community Team
asrour
Staff

Hi @IT_N00b 


This is a Fortigate issue and not a FAZ issue; the Fortianalyzer displays the logs that are coming from the Fortigate.


When the Untrusted SSL certificate setting is set to Allow and Fortigate detects an untrusted SSL certificate, Fortigate generates a temporary certificate signed by the built-in Fortinet_CA_Untrusted certificate. Fortigate then sends the temporary certificate to the browser, which presents a warning to the user indicating that the site is untrusted. If Fortigate receives a trusted SSL certificate, then it generates a temporary certificate signed by the built-in Fortinet_CA_SSL and sends it to the browser. If the browser trusts the Fortinet_CA_SSL certificate, the browser will complete the SSL handshake. This is expected behaviour.
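To make the two re-signing cases above concrete, here is an added Python example (not code from Fortinet or from the original reply). It does two things an admin chasing these notifications would want: classify a certificate presented to a client by which inspection CA issued it (Fortinet_CA_Untrusted versus Fortinet_CA_SSL, the two names given above), and summarise the FortiAnalyzer notification text per hostname and reason so that "is it only bing.com?" can be answered from the logs. The certificate is taken in the nested-tuple layout returned by Python's `ssl.SSLSocket.getpeercert()`; the log lines are constructed for this example, and the `hostname="..."` / `msg="..."` field names are an assumption about the log layout, not taken from the page.

```python
import re
from collections import Counter, defaultdict

# Issuer common names used by FortiGate deep inspection when it re-signs a
# server certificate (both names are stated in the reply above).
RESIGN_TRUSTED_CN = "Fortinet_CA_SSL"
RESIGN_UNTRUSTED_CN = "Fortinet_CA_Untrusted"


def issuer_common_name(issuer):
    """Return commonName from an issuer in ssl.getpeercert() layout:
    a tuple of RDNs, each RDN a tuple of (attribute, value) pairs."""
    for rdn in issuer:
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None


def classify_certificate(peercert):
    """Classify a certificate dict shaped like ssl.SSLSocket.getpeercert().

    'resigned-untrusted': FortiGate inspected the session and the upstream
                          certificate failed validation (browser warning).
    'resigned-trusted'  : FortiGate inspected the session and the upstream
                          certificate validated; handshake completes if the
                          client trusts Fortinet_CA_SSL.
    'not-inspected'     : issuer is not one of the two inspection CAs.
    """
    cn = issuer_common_name(peercert.get("issuer", ()))
    if cn == RESIGN_UNTRUSTED_CN:
        return "resigned-untrusted"
    if cn == RESIGN_TRUSTED_CN:
        return "resigned-trusted"
    return "not-inspected"


# Assumed log layout: key="value" pairs including hostname= and msg=.
LOG_RE = re.compile(
    r'hostname="(?P<host>[^"]+)".*?'
    r'msg="Server certificate is re-signed as untrusted, certificate-status: '
    r'(?P<status>\S+) with reason: (?P<reason>[^"]*)"'
)


def summarize_resign_events(lines):
    """Count 're-signed as untrusted' notifications per hostname and reason.

    Returns {hostname: {reason: count}}. Lines without the message are
    skipped, so the summary only reflects the re-signing events."""
    summary = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        reason = m.group("reason").strip() or "(none)"
        summary[m.group("host")][reason] += 1
    return {host: dict(counts) for host, counts in summary.items()}


# Constructed sample input: a certificate as a client would see it behind
# inspection, and four constructed log lines (not real FortiGate output).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.bing.com"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Fortinet"),),
        (("commonName", "Fortinet_CA_Untrusted"),),
    ),
}

SAMPLE_LOGS = [
    'type="utm" subtype="ssl" hostname="www.bing.com" msg="Server certificate '
    'is re-signed as untrusted, certificate-status: untrusted with reason: {}"',
    'type="utm" subtype="ssl" hostname="www.bing.com" msg="Server certificate '
    'is re-signed as untrusted, certificate-status: untrusted with reason: {}"',
    'type="utm" subtype="ssl" hostname="example.com" msg="Server certificate '
    'is re-signed as untrusted, certificate-status: untrusted with reason: expired"',
    'type="utm" subtype="ssl" hostname="example.org" msg="Server certificate is trusted"',
]

if __name__ == "__main__":
    print(classify_certificate(SAMPLE_CERT))
    for host, reasons in summarize_resign_events(SAMPLE_LOGS).items():
        print(host, reasons)
```

To use `classify_certificate` on a live session, pass it the dict from `ssl.SSLSocket.getpeercert()`; note that Python only fills that dict when the socket verifies the peer, so a client that has disabled verification will see an empty dict and the function will report `not-inspected`. The summary function is the piece to point at an export of the FortiAnalyzer events before deciding whether the notification is worth suppressing: if every entry lands on one hostname with the empty `{}` reason, that tells you the upstream certificate check, not the TLS 1.2 policy change on the endpoints, is what to look at.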


You can test that by:

- disabling all UTM features on the policy; the issue should disappear.
- changing the policy to flow-based and modifying the UTM features accordingly; the issue should disappear.


If you have any further questions on this issue, kindly contact Fortigate support for assistance.


Thank You!


A Srour