Paired up 100D have two local certificates (with private key), one from own local CA for internal access, and one wildcard certificate bought from godaddy and imported using winssl for transformation.
I'm publishing internal web server using vip and SSH profile on that rule. I created a special SSH profile for web server protection using the certificate, but no matter what I always receive the certificate from the internal CA.
I tried to enable/disable the rule to certify that I'm hitting the right rule, recreated the profile, applied firewall policy using the CLI, applied other certificates to the SSH inpection profile, and seems no matter what i'm stuck with the local certificate.
The certificate from godaddy was imported first using the winssl help to create key and certificate file.
The self signed certificate was generated locally and submited to the internal CA using file.
Any ideas?
Thank you
David
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Just deleted the .local certificate, the domain CA certificate and the CRL update.
Refresh the page and I get still a local CA certificate.
to whom it may concern, I found the solution here
http://sysmagazine.com/posts/210582/
Turns out I was trying to get the SSL Inspection rule to hand over my public certificate.
To do the SSL Offloading, the same way TMG does, I had to enable the Load Balance feature and create a Virtual Server and allow the incoming connection rule to refer that, instead of the virtual ip.
all done
Yep it´s Load Balancing is Reverse Proxy too
dbarroco wrote:to whom it may concern, I found the solution here
http://sysmagazine.com/posts/210582/
Turns out I was trying to get the SSL Inspection rule to hand over my public certificate.
To do the SSL Offloading, the same way TMG does, I had to enable the Load Balance feature and create a Virtual Server and allow the incoming connection rule to refer that, instead of the virtual ip.
all done
NSE 8
NSE 1 - 7
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.