germafab
New Contributor

SSL inspection & CA trust: how to distrust a preinstalled CA

Hi all,

Currently all CAs in the TrustedCA list are trusted when doing SSL handshake inspection. Now I would like to remove the trust for certain CAs like "WoSign" and/or others systemwide / for SSL inspection.

I'm running FOS 5.6.1 and can't seem to find any option to do this. How can this be done?

Cheers,

germafab

1 Solution
hmtay_FTNT
Staff

Hello germafab,

This can only be done through the CLI. Here's how you do it:

    config vpn certificate ca
        edit <name>       E.g. edit WoSign
            set trusted disable
        next
    end

If you then check the Trusted CAs List, the certificates will not be there anymore. Hope this helps!

Homing
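
Added example (not part of the original posts, and not Fortinet code): a Python check that reads the `config vpn certificate ca` section of a saved configuration and lists the CAs that should be distrusted but are not. It assumes the saved configuration shows `set trusted disable` under each CA's `edit` entry in the same form as the commands above, and that an entry without that line is still trusted; the sample text and the `Example_*` names are constructed.

```python
import re

# Constructed sample of the section this check reads. Only "WoSign" comes from
# the thread; the Example_* names are made up for the example.
SAMPLE_CONFIG = '''\
config vpn certificate ca
    edit "WoSign"
        set trusted disable
    next
    edit "Example_Root_CA"
    next
    edit "Example_Old_CA"
        set trusted disable
    next
    edit Example_New_CA
        set trusted enable
    next
end
'''

def ca_trust_states(config_text):
    """Return {ca_name: trusted?} for entries under 'config vpn certificate ca'.
    Assumption: an entry with no 'set trusted' line is still trusted."""
    states, in_section, current = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config vpn certificate ca":
            in_section = True
        elif in_section and line == "end":
            in_section, current = False, None
        elif in_section and (m := re.fullmatch(r'edit\s+"?([^"]+?)"?', line)):
            current = m.group(1)          # entry name, quoted or not
            states[current] = True
        elif in_section and current and line == "next":
            current = None
        elif in_section and current and (
                m := re.fullmatch(r"set\s+trusted\s+(enable|disable)", line)):
            states[current] = (m.group(1) == "enable")
    return states

def still_trusted(config_text, must_distrust):
    """Names from must_distrust that are missing from the section or not disabled."""
    states = ca_trust_states(config_text)
    return sorted(name for name in must_distrust if states.get(name, True))

if __name__ == "__main__":
    wanted = ["WoSign", "Example_Root_CA", "Not_Present_CA"]
    print("Not confirmed as distrusted:", still_trusted(SAMPLE_CONFIG, wanted))
```

A name that does not appear in the section at all is reported too, since the configuration text gives no evidence that it was disabled.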
