How to Resolve Limit of SSL Cert from Protecting SSL Server

dairu · ‎11-22-2022

Hi All,

Is there a way to increase the limit of certificates on the SSL Inspection > Protecting SSL Server?

Apparently, limit of certicates that can be used is 10 as noted on the below article link and seems no resolution on it:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Maximum-number-of-entries-has-been-reached...

Reason for this is that we have mutliple domain names that needs https ssl inspection under one web server.

gfleming · ‎11-22-2022

There is no way to increase max value. You may want to look at using a FortiWeb.

Cheers,
Graham

abelio · ‎11-23-2022

Agree with gfleming post.

A possible workaround could be re-issue some of those certificates in one multidomain SSL certificate; many commercial ssl certs provides multidomain SSL certificate, three as standard service, and more if you paid them for it.

regards

/ Abel

dairu · ‎11-23-2022

Thank you for your input gfleming and abelio.

Would it be expensive? Will have to look into the multi-domain SSL.

I was thinking if we have a workaround where we will set different firewall policy based on the FQDN. It would be like:
-Create a VIP via FQDN (instead of IP-based VIP)
-Create firewall policy for every FQDN VIP (this way, we could separate SSL cert per profile)

Currently testing this idea but so far not yet successful. Appreciate your thoughts about it.

gfleming · ‎11-24-2022

Don't believe the FQDN VIP will work in this case as you only have one public IP address to map it to, correct?

Cheers,
Graham

How to Resolve Limit of SSL Cert from Protecting SSL Server

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website