Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
d4rk_sp1d3r
New Contributor

Created on ‎01-17-2018 11:15 PM

SSL Inspection not using Self Signed Certificate

Hi,

 

Is there a way to use SSL inspection using Internal Certificate Authority certs? It seems that SSL inspection only uses local certificate but the format ussualy is in PCKS#12 or the one with password and private key. I cannot seem to generate a CSR file that allows to generate a password or private key from within Fortigate. Installing certs on PC's is not applicable for our company as we have alot of PC's here. I was able to use our internal CA cert to get a secured fortigate management screen but can't seem to use the SSL inspection.

 

Appreciate your help.

 

Regards,

 

Ron

11535
0 Kudos
2 REPLIES 2
romanr
Valued Contributor

Created on ‎01-18-2018 02:59 AM

Hi,

 

you need to generate a Certificate with "CA: True" enabled... Only this can do ssl interception.

 

Normaly you would do this on your corporate PKI and import the cerficate & private key to your firewall.

 

Br,

Roman

844
0 Kudos
emnoc
Esteemed Contributor III
In response to romanr

Created on ‎01-18-2018 07:54 AM

I wrote a blog a few years back on just this

 

http://socpuppet.blogspot.com/2016/10/a-quick-and-sure-to-know-if-ssl.html

 

PCNSE 

NSE 

StrongSwan  

844
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.