Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
germafab
New Contributor

SSL inspection & CA trust: how to distrust a preinstalled CA

Hi all,

 

Currently all CAs in the TrustedCA list are trusted when doing ssl handshake inspection. Now I would like to remove the trust for certain CAs like "WoSign" and/or others systemwide / for ssl inspection.

 

I'm running FOS 5.6.1 and can't seem to find any option to do this. How can this be done? 

 

Cheers,

germafab

1 Solution
hmtay_FTNT
Staff
Staff

Hello germafab,

 

This can only be done through the CLI. Here's how you do it:

 

config vpn certificate ca

edit <name>       E.g. edit WoSign

set trusted disable

next

end

 

If you then check the Trusted CAs List, the certificates will not be there anymore. Hope this helps!

 

Homing

View solution in original post

1 REPLY 1
hmtay_FTNT
Staff
Staff

Hello germafab,

 

This can only be done through the CLI. Here's how you do it:

 

config vpn certificate ca

edit <name>       E.g. edit WoSign

set trusted disable

next

end

 

If you then check the Trusted CAs List, the certificates will not be there anymore. Hope this helps!

 

Homing

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors