Hello, everyone
I have the following problem.
If I want to use a web filter (on a FortiGate 101F with ver. 6.4.8), the HTTP query works, but as soon as I want to use HTTPS I get the message err_cert_authority_invalid from various browsers.
This concerns the network for visitors who come to us for meetings.
Do I still have to adjust something in the SSL/SSH inspection? I use the default certificate inspection.
Thank you very much for your help.
err_cert_authority_invalid -- means that you have to check what certificate is presented to the users. If there is a deep-inspection profile used in FortiGate, the certificate used to sign the connection is self-signed by FortiGate (therefore not recognized).
Now, if the webfilter is used with certificate-inspection only, it has no access to the decrypted data stream, but it needs to present the user a warning message that the page is blocked by webfilter. That message is also encrypted, but FG can't use the same certificate as the web site the client tried to access, so it will sign this stream with its own certificate.
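One way to check which certificate a guest client is actually handed, as the answer above suggests. This is an added example, not part of the original posts; the function name `cert_verdict` and its verdict strings are assumptions, and it relies on the `openssl` command-line tool being installed.

```shell
#!/bin/sh
# Added example: classify the certificate a client was presented.
# Reads ONE PEM certificate on stdin. Optional $1 is a CA bundle the client
# is assumed to trust; without it the system default trust store is used.
# Prints: trusted | untrusted-self-signed | untrusted-unknown-issuer
#
# Live use (HOST is a placeholder for the site that shows the error):
#   openssl s_client -connect HOST:443 -servername HOST </dev/null 2>/dev/null \
#     | openssl x509 | cert_verdict

cert_verdict() {
    ca_bundle="$1"
    tmp=$(mktemp) || return 2
    cat > "$tmp"

    # Normalised subject and issuer names; empty if the input is not a certificate.
    subject=$(openssl x509 -in "$tmp" -noout -subject -nameopt RFC2253 2>/dev/null \
              | sed 's/^[a-z]*= *//')
    issuer=$(openssl x509 -in "$tmp" -noout -issuer -nameopt RFC2253 2>/dev/null \
             | sed 's/^[a-z]*= *//')
    if [ -z "$subject" ]; then
        rm -f "$tmp"
        echo "not-a-certificate"
        return 2
    fi

    # Does the certificate validate against what the client trusts?
    if [ -n "$ca_bundle" ]; then
        openssl verify -CAfile "$ca_bundle" "$tmp" >/dev/null 2>&1 && ok=1 || ok=0
    else
        openssl verify "$tmp" >/dev/null 2>&1 && ok=1 || ok=0
    fi

    if [ "$ok" -eq 1 ]; then
        verdict="trusted"
    elif [ "$subject" = "$issuer" ]; then
        # Signed by itself and not in the trust store: the browser rejects it.
        verdict="untrusted-self-signed"
    else
        # Signed by a CA the client does not know, e.g. a firewall's own CA.
        verdict="untrusted-unknown-issuer"
    fi
    rm -f "$tmp"
    echo "$verdict"
}
```

Any verdict other than `trusted` on a blocked HTTPS page corresponds to the browser error in the question; the issuer name printed by `openssl x509 -noout -issuer` shows who signed the page.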
Thank you for the information.
What exactly do I have to configure so that this message no longer comes?
You need to purchase a 3rd party signed SSL certificate (as the article linked above describes) and use it for the webfilter replacement message:
# config user setting
# set auth-ca-cert "new certificate name"
# end
In addition to what Alex mentioned - if the FortiGate is trying to present a block page (because the website belongs to a blocked category, for example) you should get a log message in the Web Filter section noting that something has been blocked.
Might be worth checking :)