New Contributor

Self-signed certificate replaced with wildcard?



I have a wildcard certificate, with a deadline of one year. 
I also have several servers. I thought that I would use my own certificates inside the network.
For external guests - Forti will replace this certificate with a wildcard certificate for each server. How to do it?


For the moment I created a new SSL/SSH Inspection Profile with:
Enable SSL inspection of - Protecting SSL Server
Server certificate - commercial wildcard
Inspect all ports - disabled
HTTPS: enabled

It works - from WAN I see the wildcard certificate, from LAN I see my own certificate. But with WAN the website loads very slowly or not at all. I wonder what's wrong.


I set what you can see in the screenshot:

New Contributor

SOLVED - I changed Inspection Mode from "Flow-based" to "Proxy-based" for the policy. 


I didn't have to change it for every policy. This server is on proxy, the others work great on flow.

Can you confirm that I have configured this correctly? Just because something works doesn't always mean it's set up well ;)  When I read this information, it seems to me that the flow should be the right one: 

