dairu
New Contributor III

How to Resolve Limit of SSL Cert from Protecting SSL Server

Hi All,

 

Is there a way to increase the limit of certificates on the SSL Inspection > Protecting SSL Server?

Apparently, the limit of certificates that can be used is 10, as noted in the article linked below, and there seems to be no resolution for it:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Maximum-number-of-entries-has-been-reached...

 

The reason for this is that we have multiple domain names that need HTTPS SSL inspection under one web server.

 

gfleming
Staff

There is no way to increase max value. You may want to look at using a FortiWeb.

Cheers,
Graham
abelio
Valued Contributor

Agree with gfleming's post.

 

A possible workaround could be to re-issue some of those certificates as one multidomain SSL certificate; many commercial SSL certs provide multidomain SSL certificates, three as standard service, and more if you pay them for it.

 

 

regards / Abel
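
The multidomain workaround suggested above, sketched as an added example that is not part of the original thread: one private key and one CSR whose subjectAltName carries every hostname served by the web server, plus a check that no hostname was left out before the request goes to a CA. The function names, file names and hostnames are constructed placeholders, and OpenSSL is assumed to be installed.

```shell
# Added example: one key and one CSR covering several hostnames via subjectAltName.
# Constructed usage: make_san_csr ./out shop.example.test api.example.test

make_san_csr() {
  # usage: make_san_csr <outdir> <host1> [host2 ...]; the first host becomes the CN
  local outdir="$1"; shift
  local cn="$1" i=1 host
  mkdir -p "$outdir"
  {
    printf '[req]\nprompt = no\ndistinguished_name = dn\nreq_extensions = ext\n'
    printf '[dn]\nCN = %s\n' "$cn"
    printf '[ext]\nsubjectAltName = @alt\n[alt]\n'
    for host in "$@"; do
      printf 'DNS.%d = %s\n' "$i" "$host"
      i=$((i + 1))
    done
  } > "$outdir/san.cnf"
  # umask keeps the unencrypted private key readable by the owner only
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
      -keyout "$outdir/server.key" -out "$outdir/server.csr" \
      -config "$outdir/san.cnf" 2>/dev/null )
}

csr_sans() {
  # print the DNS names requested in a CSR, one per line
  openssl req -in "$1" -noout -text |
    grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

missing_hosts() {
  # usage: missing_hosts <csr> <host...>; prints every host the CSR does not list
  local csr="$1"; shift
  local sans host
  sans=$(csr_sans "$csr")
  for host in "$@"; do
    printf '%s\n' "$sans" | grep -qxF -- "$host" || printf '%s\n' "$host"
  done
}
```

An empty result from `missing_hosts` means every site behind the server is named in the request, so the issued certificate can replace the per-domain certificates with a single entry.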
dairu
New Contributor III

Thank you for your input gfleming and abelio.

 

Would it be expensive? Will have to look into the multi-domain SSL.

I was thinking about whether we could have a workaround where we set a different firewall policy based on the FQDN. It would be like:
- Create a VIP via FQDN (instead of an IP-based VIP)
- Create a firewall policy for every FQDN VIP (this way, we could separate the SSL cert per profile)

 

Currently testing this idea but so far not yet successful. Appreciate your thoughts about it.

 

gfleming

Don't believe the FQDN VIP will work in this case as you only have one public IP address to map it to, correct?

Cheers,
Graham