Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Steaven_K
New Contributor

Created on ‎06-24-2018 09:35 PM

SSL Full Inspection and Using a CA-signed certificate

When using "SSL Full Inspection"

 

Question)

1. Is it possible to set using "Trusted Public CA"?

2. If possible

   What kind of product should I buy?

 

The only way to apply "trusted pravice ca" is to the manual. (http://cookbook.fortinet.com/preventing-certificate-warnings-cacert-56/)

 

Thank you.

5479
0 Kudos
1 Solution
emnoc
Esteemed Contributor III

Created on ‎06-25-2018 02:38 AM

Short answer "no" and "none". No  public trusted CA if that's what your going after, will issue a private org a CA:TRUE  signed certificate as a normal offering. Just ain't going to happen

 

Your choices

   1:  build a private PKI  and signyour own certificate ( you own the PKI so you can do what ever you want ;)  this is the best  but not ideal for all org/enterprise needs )

   2:  Use the  internal cert that comes in the fortigate ( yeap a cert already exist just import it into your OS and|or Browsers certificate store )

   3:  self-Sign a cert using openssl for example  ( again import it )

 

All of  them has  advantages, #2 is  the simple fix since it "already" exists and all you  have to do nothing  but just use the cert.

Ken

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
1747
0 Kudos
2 REPLIES 2
emnoc
Esteemed Contributor III

Created on ‎06-25-2018 02:38 AM

Short answer "no" and "none". No  public trusted CA if that's what your going after, will issue a private org a CA:TRUE  signed certificate as a normal offering. Just ain't going to happen

 

Your choices

   1:  build a private PKI  and signyour own certificate ( you own the PKI so you can do what ever you want ;)  this is the best  but not ideal for all org/enterprise needs )

   2:  Use the  internal cert that comes in the fortigate ( yeap a cert already exist just import it into your OS and|or Browsers certificate store )

   3:  self-Sign a cert using openssl for example  ( again import it )

 

All of  them has  advantages, #2 is  the simple fix since it "already" exists and all you  have to do nothing  but just use the cert.

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1748
0 Kudos
Steaven_K
New Contributor
In response to emnoc

Created on ‎06-25-2018 08:21 PM

Thank you for your kind reply.

 

1712
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.