Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

SSL Inspection Error

We are using "SSL Certificate Inspection" to ensure that webfiltering works on https website. (Not Deep Inspection)  Unfortunately, we appear to have run into an issue accessing the "" website that appears to be related the the SSL Certificate Inspection. When Chrome attempts to access this site, it displays the following error ERR_BAD_SSL_CLIENT_AUTH_CERT. I can't seems to find a way to exempt the SSL certificate inspection for this website without changing it over to Full SSL Inspection. Is there anyway to exempt this website when using "SSL Certificate Inspection" without changing it over to "Full SSL Inspection"?

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
Esteemed Contributor III



Does other browsers give similar warnings?


have you tried a policy without ssl_inspection for just that site? What happens?





PCNSE NSE StrongSwan

Edge, IE, and Chrome all don't work.


Turning off SSL Inspection allows the website to load up.

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
Valued Contributor

We have had issues where we had to make a policy for certain sites that ignores it. Usually, the browser knows the cert doesn't match because it has been to the site before. Browsers are getting too smart for their own good.

Mike Pruett Fortinet GURU | Fortinet Training Videos
New Contributor

Getting similar actions as well.  

Everything is working fine for a few weeks. Then the decryption engine just pukes for no reason.  We all so have app control on inbound to our exchange server to block OWA and allow activesync.  last night that stopped as well. 


I am waiting for support on the phone now. Been on the phone for 25 minutes. 


500D running 5.4.1

If anyone can add please do.  I have had issues with decryption since we deployed last year running 5.2.3

Top Kudoed Authors