WebGregGit
New Contributor

Self-signed certificate replaced with wildcard?

Hi.

I have a wildcard certificate, with a deadline of one year.
I also have several servers. I thought that I would use my own certificates inside the network.
For external guests, Forti will replace this certificate with a wildcard certificate for each server. How do I do it?

For this moment I created a new SSL/SSH Inspection Profile with:
Enable SSL inspection of - Protecting SSL Server
Server certificate - commercial wildcard
Inspect all ports - disabled
HTTPS: enabled


It works - from WAN I see the wildcard certificate, from LAN I see my own certificate. But with WAN the website loads very slowly or not at all. I wonder what's wrong.

 

I set what you can see in the screenshot: https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/055107/protecting-an-ssl-ser...

WebGregGit
New Contributor

SOLVED - I changed Inspection Mode from "Flow-based" to "Proxy-based" for the policy.

I didn't have to change it for all policies. This server is on proxy, the others work great on flow.

Can you confirm that I have configured this correctly? Just because something works doesn't always mean it's set up well ;) When I read this information, it seems to me that flow should be the right one: https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/659145/flow-mode-inspection-default-mod...

 
