mante
New Contributor

SSL Inspection - Certificate Issue

Hello everyone,

We are currently experiencing an issue with SSL inspection causing an error in the certificate chain for our webmail hosted on the internet. The certificate we are using for the webmail is generated by GoDaddy, and we have successfully installed it on our FortiGate and server. However, when we perform an SSL check with SSL deep inspection enabled from an external source, it indicates that the certificate chain is broken. Interestingly, when we disable SSL deep inspection for that specific policy and conduct the test from outside, the certificate chain appears to be working properly.

As someone new to SSL configurations, I am seeking assistance in identifying the root cause of this issue. Our server team is attributing the problem to the FortiGate, as things seem to function correctly when SSL inspection is turned off. I would greatly appreciate any guidance on where to look and how to resolve this matter.

2 REPLIES
abarushka
Staff

Hello,

Can you please clarify whether the mail server is behind the FortiGate, or the clients are behind the FortiGate and the mail server is hosted somewhere else?

The reason why I am asking is that there are 2 different scenarios, when FortiGate is protecting a server or clients.

hbac
Staff

Hi @mante,

Please note that when you enable deep inspection, FortiGate will replace the certificate with its own certificate. You can check which certificate is being used on the FortiGate GUI > Security Profiles > SSL/SSH Inspection > deep-inspection > CA certificate.

Regards,
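
To see from the outside which of the two situations in this thread applies, the added example below (not part of any post above, and not Fortinet code) parses the "Certificate chain" block that `openssl s_client -connect host:443 -showcerts` prints and reports whether the leaf was issued by a CA other than the expected one and whether the issuing certificate was sent. The sample outputs, the hostname, the `Example-Inspection-CA` name and the function names are constructed for illustration.

```python
import re

# Constructed samples in the layout of the "Certificate chain" block printed by
# `openssl s_client -showcerts`; hostname and inspection CA name are placeholders.
DIRECT = """\
Certificate chain
 0 s:CN = webmail.example.com
   i:C = US, O = "GoDaddy.com, Inc.", CN = Go Daddy Secure Certificate Authority - G2
 1 s:C = US, O = "GoDaddy.com, Inc.", CN = Go Daddy Secure Certificate Authority - G2
   i:C = US, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
"""
INSPECTED = """\
Certificate chain
 0 s:CN = webmail.example.com
   i:CN = Example-Inspection-CA
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    subjects = re.findall(r"^[ \t]*\d+[ \t]+s:(.+)$", text, re.M)
    issuers = re.findall(r"^[ \t]+i:(.+)$", text, re.M)
    return [(s.strip(), i.strip()) for s, i in zip(subjects, issuers)]

def diagnose(text, expected_issuer_cn):
    """List the chain problems an external checker would report."""
    chain = parse_chain(text)
    if not chain:
        return ["no certificates presented"]
    findings = []
    leaf_issuer = chain[0][1]
    if expected_issuer_cn not in leaf_issuer:
        findings.append(f"leaf issued by '{leaf_issuer}', expected '{expected_issuer_cn}'")
    # Each certificate's issuer must be the subject of the next one sent.
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            findings.append(f"chain gap: certificate for '{issuer}' not sent next")
    # A lone, non-self-signed leaf only validates if the client already trusts its issuer.
    if len(chain) == 1 and chain[0][0] != chain[0][1]:
        findings.append("issuer certificate not sent; client must already trust it")
    return findings

if __name__ == "__main__":
    expected = "Go Daddy Secure Certificate Authority - G2"
    for name, sample in (("inspection off", DIRECT), ("inspection on", INSPECTED)):
        print(name, "->", diagnose(sample, expected) or "chain consistent")
```

Run it against real `s_client` output captured with deep inspection on and off; an issuer that changes between the two captures means the certificate the client sees is the one the FortiGate presents, not the one installed on the server.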
