SSL Inspection Problem / Wrong Certificate for all SSL Sites
When I turn on SSL Inspection for a firewall policy "Local > WAN" (test lab),
after that, when I am trying to access an https:// site like Google, Facebook and so on, it says every time that they have the wrong certificate.
Under SSL/SSH Inspection Settings the Fortinet_CA_SSLProxy certificate is set.
So when I turn off the SSL Inspection, everything gets normal again.
This FortiGate is a FortiGate VM64; it is registered and the AntiVirus license is valid too.
Does someone have a solution for this problem?
Since you don't control Facebook, you have no access to their CA certificate.
If you try the same with a server on your local network and you manage its cert, then you can import it on the Fortigate and it will be displayed on the clients as the official server certificate.
The browser rightly displays the warning message about incorrect certificate error when you visit Facebook.
Any signing certs can be imported on the Fortigate, but if you want to SSL offload all traffic going to external sites without warnings, you can distribute the Fortigate cert to the trusted store of the clients' browsers via your internal client management system/group policy.
There's a brief Fortigate cookbook article about how it can be properly done.
Preventing security certificate warnings when using full SSL inspection
Just a side note; implementation on the production network should be discussed with your local legal team though.
I'm sure many employees would not be happy to learn that you are monitoring and logging their banking/health/private transactions without their prior consent.
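
The warning and its fix can be reproduced offline with openssl; this is an added example, not part of the original thread. The CA names, file names and www.example.test are constructed stand-ins, not FortiGate objects: a site certificate issued by the inspection CA fails verification until that CA is in the client's trust store.

```shell
#!/usr/bin/env bash
# Constructed lab: all keys and certificates are generated locally in a temp
# directory. The CA names and www.example.test are assumptions for the example.
WORK=$(mktemp -d)
cat > "$WORK/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

make_ca() {  # $1 = file prefix, $2 = subject CN; writes a self-signed CA cert
  openssl req -x509 -config "$WORK/lab.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

make_pki() {
  make_ca root "Constructed Public Root"   # stands in for the browser's built-in roots
  make_ca insp "Lab Inspection CA"         # stands in for the firewall's inspection CA
  # Under full inspection the client is shown a certificate for the site's name
  # that was issued by the inspection CA instead of by a public root.
  openssl req -config "$WORK/lab.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.test" -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/insp.crt" -CAkey "$WORK/insp.key" \
    -CAcreateserial -days 1 -out "$WORK/leaf.crt" 2>/dev/null
  cp "$WORK/root.crt" "$WORK/store.pem"    # client trust store before distribution
}

# Issuer of the certificate the client sees; it names the inspection CA.
leaf_issuer() { openssl x509 -noout -issuer -in "$WORK/leaf.crt"; }

client_trusts_leaf() {  # exit 0 only if the leaf chains to a CA in store.pem
  openssl verify -no-CApath -CAfile "$WORK/store.pem" "$WORK/leaf.crt" >/dev/null 2>&1
}

# Equivalent of pushing the inspection CA to clients via group policy.
distribute_inspection_ca() { cat "$WORK/insp.crt" >> "$WORK/store.pem"; }

make_pki
leaf_issuer
client_trusts_leaf && echo "before: trusted" || echo "before: certificate warning"
distribute_inspection_ca
client_trusts_leaf && echo "after: trusted" || echo "after: certificate warning"
```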