Steaven_K
New Contributor

SSL Full Inspection and Using a CA-signed certificate

When using "SSL Full Inspection"

 

Question)

1. Is it possible to set using "Trusted Public CA"?

2. If possible

   What kind of product should I buy?

 

The only way to apply "trusted private CA" is to the manual. (http://cookbook.fortinet.com/preventing-certificate-warnings-cacert-56/)

 

Thank you.

1 Solution
emnoc
Esteemed Contributor III

Short answer: "no" and "none". No public trusted CA, if that's what you're going after, will issue a private org a CA:TRUE signed certificate as a normal offering. Just ain't going to happen.

Your choices:

   1: Build a private PKI and sign your own certificate (you own the PKI so you can do whatever you want ;) this is the best but not ideal for all org/enterprise needs)

   2: Use the internal cert that comes in the FortiGate (yep, a cert already exists; just import it into your OS and/or browser's certificate store)

   3: Self-sign a cert using openssl, for example (again, import it)

All of them have advantages; #2 is the simple fix since it "already" exists and you have to do nothing but just use the cert.

Ken

PCNSE 

NSE 

StrongSwan  
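
What the CA:TRUE point in the answer above means in practice, as an added example that is not part of the original thread: the script generates a self-signed CA certificate with openssl (choices 1 and 3) and an ordinary CA:FALSE server certificate, then checks which of the two is able to re-sign traffic. The organisation name, common names and file names are constructed.

```bash
#!/bin/sh
# Added example with constructed subjects and file names: create a private
# inspection CA with openssl, then test which certificates can re-sign.
set -eu

# Self-signed certificate. $1 = file prefix, $2 = basicConstraints value,
# $3 = keyUsage value, $4 = common name. Uses its own config file so the
# result does not depend on the system-wide openssl.cnf.
make_cert() {
  cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
O = Example Org
CN = $4
[ext]
basicConstraints = critical, $2
keyUsage = critical, $3
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$1.cnf" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Succeeds only when the certificate may act as a CA, which is what the
# firewall needs in order to sign the per-site certificates it presents to
# clients during full inspection.
can_resign() {
  openssl x509 -in "$1" -noout -text > "$1.txt"
  grep -q "CA:TRUE" "$1.txt" && grep -q "Certificate Sign" "$1.txt"
}

demo() {
  d=$(mktemp -d)
  # Choices 1 and 3 in the answer: a CA certificate you generate yourself.
  make_cert "$d/ca" "CA:TRUE, pathlen:0" "keyCertSign, cRLSign" "Example Inspection CA"
  # An ordinary server certificate, CA:FALSE.
  make_cert "$d/leaf" "CA:FALSE" "digitalSignature, keyEncipherment" "www.example.test"
  for c in ca leaf; do
    if can_resign "$d/$c.crt"; then echo "$c.crt: usable for full inspection"
    else echo "$c.crt: not a CA, cannot be used for full inspection"; fi
  done
  rm -rf "$d"
}

demo
```

The generated `ca.crt` is the file that has to be imported into the OS or browser certificate store; `ca.key` stays on the inspecting device only.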

2 REPLIES 2
Steaven_K

Thank you for your kind reply.

 
