Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ramescool
New Contributor

Fortinet_CA_SSLProxy and Configuration Restore

Hi, Please confirm my queries on below, 1. Will Fortinet_CA_SSLProxy Certificate value (HASH or Thumbprint) change if we restore the configuration which is taken from the another box? 2. If the Firmware Upgrade will change the HASH or Thumbprint on the existing Fortinet_CA_SSLProxy? 3. Is it possible to import the Fortinet_CA_SSL_Proxy certificate from Box A to Box B and make the imported certificate as default Certificate for certificate inspection?

The quick response is much helpful.

Thanks, Ramesh

2 REPLIES 2
Wayne11
Contributor

Very interesting question and I would like to know too, because we need to replace the Fortinet_CA_SSLProxy certificate on one of our 200D witch is having an SHA1 hash. We can't use this certificate anymore without getting warnings already from Chrome and 2017 all browsers will deny it.

So does Fortinet has any plan to upgrade the local CA certificates or can we import a new one?

Jeff_FTNT

Yes, you can move Fortinet_CA_SSLProxy Certificate with configure restore.

The  Fortinet_CA_SSLProxy Certificate is  an CA certificate (include private key) saved under Local certificate site. When backup setting, it include Private key/Certificate in config setting, so you may move it with config setting, upgrade firmware will not change it. You may copy/paste "Fortinet_CA_SSLProxy" part setting in config file to move it.

 

If download "Fortinet_CA_SSLProxy" from GUI, it only include certificate without private key, it would not works if import to another FGT.Thanks.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors