Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Outlook warning certificate

Hi experts,

I have a problem with the explicit proxy.

I do not stop out in the notice outlook attached.

I have enabled SSL inspection to filter https proxy.

Can you help me or give me some idea?


New Contributor III

you may be able to resolve this one of two ways:


1. in the web filter profile, exclude filtering for the mail.[   ].com domain.  We've seen this fix dropbox issues before.

2. in AD group policy, make a new group policy which deploys the SSL Certificate used by the Fortigate.  Deploy it as trusted and the workstations will believe they're talking to the real server.  A word of caution, depending on how the SSL Certificate snooping is configured, users may not realize they're talking to a fake site because the Fortigate is re-signing everything as trusted.  So you may want to leave disabled the feature which allows users to see sites with bad SSL certificates.



Hi Steve,


Thanks for answering.


I think the right way would be 1, since the road 2've done, installing the certificate on my own workstation and that message keeps coming every 2 or 3 hours.

The problem comes if you use explicit proxy, when I get the warning active

If I allow the https traffic in the political ipv4 not get the error.


What would be the process to create the ssl inspection exepcion not?


If you need more information, I sent you.


thank you.


Perhaps you can make an IPv4 firewall policy and place it above the normal internet access policy.

Inside that policy make the following settings:

- from [your LAN]

- to [IP address of the mail server]

enable NAT, but do not enable SSL Cert, do not enable Web Filtering


New Contributor II



The problem does not have to ipv4 policy.

I have it with explicit web.

I tried to make exceptions to the mail domain name, but does not work.




New Contributor

hi all

have seam issue with outlook in my domain since have introduce fortigate 100d but finally i have allowed http over proxy  or outlook web access from application control in mail section




I experienced the same issue, and fix was to put in the Proxy FQDN and Realm... E.g Proxy for company named Example


Proxy FQDN =

Realm =





New Contributor

The outlook is doing every process to make it secure and the warning certificate is also an example of that. The thing is that it has to be done to make the email scam and hacking preventive.

New Contributor

You can easily fix your Outlook certificate error by verifying the certificate name in Outlook, using unsecure port, and using the hosting domain name as mail server name. You can also fix Outlook invalid certificate issue by changing in the Outlook outgoing SMTP port settings.


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors