When launch Google Earth, get message that:
Security certificate for play.google.com is not trusted!
With three options:
[ol]Company IT mentioned to click 1 but it says it is unsafe. Why is fortigate making Google Earth unsafe? Does this mean Fortigate people are break into my Google Earth and that is why it is unsafe? OR is Fortigate install spyware and Telemery like Windows in this security certificate?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Most sites that run or hosted via Google (including play.google.com) uses Google's wildcard security certificate. If the fgt is using full SSL (e.g. deep packet) inspection, you will get a security certificate warning because the fgt plays a man-in-the-middle by substituting it's own security certificate in place of the sites own security certification in order to peek at the encrypted traffic. This is pure speculation on my part - you need to take a look at the warning message to see what the error is - it should include what the name is on the security certificate itself.
The pic below show what the real cert should look like.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
If view the details, it shows this (cannnot get screenshot to load here) Type only a few lines only:
Certificate error(s":
The root certificate of the certificate is self signed and untrusted.
Serial Number: 60:15:1a:b3c5ef:1e:18
support@fortigate.com
Here I finally got screenshot to work on Vbox. It makes PNG and your site does not allow PNG. Had to uploaded to another site to get it to work.
[image]https://forum.fortinet.com/ upload image[/image]
Your doing SSL inspection you need to fix your clients by insert and trusting the Cert forger who's the Foprtigate. Nothing is wrong with google earth, fwiw
Ken Felix
PCNSE
NSE
StrongSwan
Hi user.
Your screenshot and your last post shows the Fortigate on your company network appears to be configured for full SSL inspection, and as such requires (ideally) a proper security certificate be installed on your computer's web browser. There are other workaround or remedies for this, of course you can choose to accept the one presented to you (assume it is the fortigate security certificate) but you should follow whatever advise given to you by your network or IT admin.
f you are not in charge or manage your company's fortigate firewall, I suggest you speak to the person who is in charge and let them know you can't download Google Earth because of the company's fortigate firewall settings.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Person said to ignore it and click Proceed Anyway (Unsafe). This is why I am looking for a solution for it since they are no concern about. It says that it is unsafe which makes me worried. How to I bypass and get the certificated installed correctly so that it is save rather than unsafe.
Follow your network admin's lead - do keep in mind that if you choose to proceed there should be an option to add the site's security certificate to your browser - this should be the Fortinet security certificate...but do consult your network admin on this.
I have already provided a link above to understand what is happening and included in that link are "workarounds", including detailed sections:
- Preventing certificate warnings (CA-signed certificate) - Preventing certificate warnings (default certificate) - Preventing certificate warnings (self-signed) - Why you should use SSL inspection The likely best option in your case is to simply ask your network admin to provide and/or install the Foritgate security certificate in your web browser.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
After clicking Proceed Anyway (Unsafe), there is no option to add the site's certificated. Admin says that everything is fine and use the unsafe option only.
Is there any other way to make it safe if admin does not want to import the certificated or does it need a bypass method?
Ok. I found a bypass method to get around foritgate. Thanks for trying but had to solve it my self.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.