I have to do SSL inspection for specific HTTPS traffic to a server in order to add an HTTP X-Forwarded-Header. Right now it works fine with the Fortigate built-in self-signed cert.
The problem is that some clients like Cisco routers already have a CA hardcoded in them. They need to see the specific certificate for the webpage, instead of the Fortigate one.
I have the cert itself and the private key for the certificate used by the web server. I, however, don't have the CA certificate's private key.
I am not an expert on certificate stuff. I only know the basics. My understanding is that the Fortigate will use the CA cert and its private key to dynamically sign the URLs passing through the SSL inspection. Is that correct?
The question is, in this scenario, is it possible to force the SSL inspection profile to use the web server cert for the matched traffic?
Thanks!
Copyright 2024 Fortinet, Inc. All Rights Reserved.