Kianosh
New Contributor

Fortigate SSL Certificate for Browser Problem

Hi all, I have the following problem. I use a FortiGate 300C. When SSL content inspection for HTTPS (deep scan) is enabled on a FortiGate, web browsers will usually prompt a warning message if the Certificate Authority for the default certificate used by the FortiGate SSL inspection is not known by the browser, especially when you want to access your firewall through a web browser. I moved the Fortinet_CA_SSLProxy certificate file to the IE and Firefox browsers and added it to Trusted Root Certification Authorities. Also, I got a copy of my system certificate to the FortiGate, but it doesn't work and the problem still exists. My IE browser version is 11.0 and Firefox is 30. Also, all of this was done on Win7 x64. Do you know how to get rid of that problem? Any help would be greatly appreciated. Thanks
Warren_Olson_FTNT

Late reply, but if you still need it, try the following cookbook article: http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Authentication/cb_certs_untrusted.html
Nihas
New Contributor

I have the exact issue in my network. But for me it's working on IE. I have imported FG_CA_SSLProxy in Chrome and Mozilla, but both are not working!
Nihas
New Contributor

I have upgraded to 5.2. Now it's working perfectly.
rboe
New Contributor

Does the Fortinet appear as a correct Trusted Root CA in your browser? If yes -> You are writing that you have imported the system certificate to your FortiGate too? So please check if your FortiGate is using the correct certificate to break up the SSL connection. Maybe it's using the wrong certificate to generate the endpoint certificate. In general, you should maybe think about getting an official intermediate CA certificate for your FortiGate. Then you would have solved all your client-side problems without any further investigation. For all further hands-on information about the certificate topic, download the FGT Cookbook http://docs.fortinet.com/d/fortigate-the-fortigate-cookbook-5.0.5 and refer to page 290ff.
Kind regards
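
The check suggested in the reply above (is the re-signed endpoint certificate actually issued by the CA that was imported into the browser?) can be done with OpenSSL. This is an added example, not part of the original thread: the certificates are constructed throwaway data, and the names `signed_by_ca`, `show_names`, `make_demo` and `SITE` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). To test the live certificate instead of the
# constructed one, capture what the browser receives first (SITE is a placeholder):
#   openssl s_client -connect SITE:443 -servername SITE </dev/null 2>/dev/null \
#     | openssl x509 -out leaf.pem

# Returns 0 only when leaf $1 verifies against the single CA file $2.
signed_by_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Prints the leaf's issuer and the CA's subject so a mismatch can be read off.
show_names() {
    openssl x509 -in "$1" -noout -issuer
    openssl x509 -in "$2" -noout -subject
}

# Constructed sample data: two throwaway CAs and one leaf signed by the first.
make_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/cfg" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    for ca in inspect other; do
        openssl req -x509 -newkey rsa:2048 -nodes -config "$d/cfg" \
            -subj "/CN=Constructed $ca CA" -days 1 \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" -subj "/CN=www.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inspect.pem" -CAkey "$d/inspect.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null || return 1
    echo "$d"
}

demo=$(make_demo) || exit 1
signed_by_ca "$demo/leaf.pem" "$demo/inspect.pem" && echo "leaf chains to the inspect CA"
if ! signed_by_ca "$demo/leaf.pem" "$demo/other.pem"; then
    echo "leaf does NOT chain to the other CA:"
    show_names "$demo/leaf.pem" "$demo/other.pem"
fi
rm -rf "$demo"
```

If the captured leaf fails against the CA file that was imported into the browser, the issuer line shows which certificate the inspection profile is really signing with.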
Sean_Toomey_FTNT

I will add here that there have been significant improvements to SSL/SSH inspection in 5.2, and if you rely on these features I would encourage you to move to 5.2 as soon as it makes sense to do so. As always with switching to a new major version, please back everything up (firmware AND config) in more than one place and ensure you always have a way to recover. Cheers!
-- Sean Toomey, CISSP FCNSP Consulting Security Engineer (CSE) FORTINET— High Performance Network Security