Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
amateolo
New Contributor II

Outlook warning certificate

Hi experts,

I have a problem with the explicit proxy.

I do not stop out in the notice outlook attached.

I have enabled SSL inspection to filter https proxy.

Can you help me or give me some idea?

Regards.

8 REPLIES 8
SteveRoadWarrior
New Contributor III

you may be able to resolve this one of two ways:

 

1. in the web filter profile, exclude filtering for the mail.[   ].com domain.  We've seen this fix dropbox issues before.

2. in AD group policy, make a new group policy which deploys the SSL Certificate used by the Fortigate.  Deploy it as trusted and the workstations will believe they're talking to the real server.  A word of caution, depending on how the SSL Certificate snooping is configured, users may not realize they're talking to a fake site because the Fortigate is re-signing everything as trusted.  So you may want to leave disabled the feature which allows users to see sites with bad SSL certificates.

 

amateolo

Hi Steve,

 

Thanks for answering.

 

I think the right way would be 1, since the road 2've done, installing the certificate on my own workstation and that message keeps coming every 2 or 3 hours.

The problem comes if you use explicit proxy, when I get the warning active

If I allow the https traffic in the political ipv4 not get the error.

 

What would be the process to create the ssl inspection exepcion not?

 

If you need more information, I sent you.

 

thank you.

SteveRoadWarrior

Perhaps you can make an IPv4 firewall policy and place it above the normal internet access policy.

Inside that policy make the following settings:

- from [your LAN]

- to [IP address of the mail server]

enable NAT, but do not enable SSL Cert, do not enable Web Filtering

 

amateolo
New Contributor II

Hi,

 

The problem does not have to ipv4 policy.

I have it with explicit web.

I tried to make exceptions to the mail domain name, but does not work.

attached

 

Regards

redasodexo
New Contributor

hi all

have seam issue with outlook in my domain since have introduce fortigate 100d but finally i have allowed http over proxy  or outlook web access from application control in mail section

jiggyjiyane

Hi

 

I experienced the same issue, and fix was to put in the Proxy FQDN and Realm... E.g Proxy for company named Example

 

Proxy FQDN = proxy.example.co.za

Realm = example.co.za

 

 

 

 

rocky700
New Contributor

The outlook is doing every process to make it secure and the warning certificate is also an example of that. The thing is that it has to be done to make the email scam and hacking preventive.

ERROR CODE 0XC0000428
markssmith500
New Contributor

You can easily fix your Outlook certificate error by verifying the certificate name in Outlook, using unsecure port, and using the hosting domain name as mail server name. You can also fix Outlook invalid certificate issue by changing in the Outlook outgoing SMTP port settings.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors