I've recently been seeing a lot of "SSL Fatal Alert received" or "SSL Alert received" with the message being "certificate unknown" or "unknown ca".
When I track the associated IPs back, they almost all turn out to be big-name owners: Apple, Google, Dropbox, etc.
I'm assuming/hoping this is likely due to more servers being put online and new server or intermediate CA certs getting generated that haven't percolated through Fortinet's system yet.
Just wanted to check if others are seeing the same thing or if there could be something else going on?
Where are the clients located in relation to the firewall they're going through?
Are they hitting a policy with certificate inspection or full SSL inspection enabled?
What firmware are you running?
FortiOS 6.0.9 with clients located on the same site as the FortiGates (seeing this at two locations).
Seeing this both on policies that only have certificate inspection and on policies that have full SSL inspection enabled.