Hello team!!!
Just a basic question
We have a third-party certificate issued by a trusted certificate authority for our web server.
Is it possible to use the same certificate for doing deep inspection in outgoing fortigate policies? Is there any requirement for this certificate to work?
What are the steps to import this certificate into a Fortigate in 7.2.1?
Thanks in advance.
Regards,
Damián
damianhlozano wrote: Is it possible to use the same certificate for doing deep inspection in outgoing fortigate policies? Is there any requirement for this certificate to work?
Hi
Unfortunately not, you can't use it to do that (no commercially issued certificates can, I guess).
For deep inspection your certificate must have attribute CA=TRUE or KeyUsage=KeyCertSign.
That certificate allows your FGT to issue certificates (and private keys) on the fly.
regards
/ Abel
Just like the fact mentioned by abelio, you can't use a web server certificate for deep inspection. The process of deep inspection includes decryption and re-encryption of the packet post content scanning. Hence, it is necessary to equip the certificate with a subCA attribute. You may refer to the documents below for the explanation and steps to generate the certificate if required:
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/605938/why-you-should-use-ssl-inspection
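Added example, not part of the original thread or of Fortinet's documentation: a shell check, using the openssl CLI (assumed installed), for the CA=TRUE and KeyCertSign attributes named above before a certificate is imported as the deep-inspection CA. The function names and the self-signed sample certificates are constructed for the example; requiring keyCertSign whenever a keyUsage extension is present follows RFC 5280 path validation and is an assumption about what the inspected clients will enforce.

```shell
#!/bin/sh
# Added example: can this certificate issue (re-sign) other certificates?

# Dump a PEM certificate as text; requires the openssl CLI (assumed installed).
cert_text() { openssl x509 -in "$1" -noout -text 2>/dev/null; }

# Exit 0: CA:TRUE and, if a keyUsage extension exists, it has keyCertSign.
# Exit 1: parsed, but not usable as an issuing CA.  Exit 2: unreadable.
can_sign_certs() {
    text=$(cert_text "$1") || return 2
    printf '%s\n' "$text" | grep -q 'CA:TRUE' || return 1
    if printf '%s\n' "$text" | grep -q 'X509v3 Key Usage'; then
        printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage' |
            grep -q 'Certificate Sign' || return 1
    fi
    return 0
}

# Build a constructed, self-signed sample in directory $1; $2 is "ca" or "leaf".
make_sample() {
    cat > "$1/cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed-sample.example
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/cnf" \
        -extensions "${2}_ext" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 2
    for kind in ca leaf; do
        make_sample "$d" "$kind" || return 2
        if can_sign_certs "$d/$kind.pem"; then echo "$kind: usable for deep inspection"
        else echo "$kind: rejected (not an issuing CA)"; fi
    done
    rm -rf "$d"
}
demo
```

The "leaf" sample carries the same extensions a typical web server certificate does, which is why it is rejected.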
Thanks for the information guys!!!
That's also the reason why no commercial certs can be used. There is seemingly no commercial CA out there that would issue you a sub-CA certificate :)
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Copyright 2025 Fortinet, Inc. All Rights Reserved.