Hi,
I want to enable deep SSL Inspection on my company. If I would want to use this feature for domain user, I would deploy Fortinet CA to my client with GPO. But I want to use this feature for my guests. It is not possible that adding trusted CA on their computers. In this case I tried to upload my wilcard certificate to use SSL Inspection. But I am getting trust error when I go to any website. Is there another type of certificate to use for SSL Inspection ?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You should not use deep packet inspection on traffic from devices that you do not manage. Use standard certificate inspection profile for guest devices instead.
More info at https://docs.fortinet.com/document/fortigate/6.4.2/administration-guide/505842/certificate-inspectio...
Enabling deep SSL inspection for guest users can be challenging since you cannot deploy a trusted CA certificate on their computers. Using a wildcard certificate for SSL inspection is likely cause trust errors for most websites.
Instead, you can consider using a "self-signed certificate" specifically for SSL inspection purposes.
Thanks
Pavan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.