Hi,
in the month we will switch from 100D to 200E. The network is about 600PC, a bit rate of around 300Mbps and 8-12,000 connections. In terms of auditing (OneDrive blocking, file transfer over Skype, etc.) and security we want to implement SSL deep inspection. We run a Windows domain, so I tested a SelfSigned certificate using Web Enrollment Services http://kb.fortinet.com/kb...ateId=1%200%2052652981
The idea is that I would distribute this certificate using GPO to the stations - I'm primarily concerned about minimal manual interference at the end stations. I was really surprised that IE, Edge, Thunderbird, Outlook have no problem with this and are working reliably. The problem is set in Chrome: NET :: ERR_CERT_WEAK_SIGNATURE_ALGORITHM
because SHA-1. How do you solve this problem?
Thanks
Jirka
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Jirka,
I have solved that limiting my Chrome to use TLS 1.2 and 1.1. I should try it.
Best regards.
Elthon Abreu FCNSA v5
azh wrote:zhunissov4,Hello,
You can update CA certificate from SHA-1 to SHA-256 like in this video - https://www.youtube.com/watch?v=KSrkWmeUcXw
After you can install new CA certificate with SHA-256 via GPO to all your domain PCs.
Hope it helps ;)
you are a star! It works wonderfully! Thank you very much for your help
Jirka
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.