Use new CA certificate in existing SSH/SSL security drop down, new cert not in drop down.

mac987 · ‎11-23-2020

Hi

We are running version 6.2.3 on a fortigate 301E

I want to use a different SSL certificate on an existing SSL inspection policy to only inspect the headers , not full inspection.

I have created the csr on the FG, got it signed by our trusted subca and imported it back into the FG as a local certificate successfully. It is now sitting in the FG cert store under local certificates.

When i select

security profiles

SSH / SSL Inspection and select an existing profile , the settings are

Multiple clients connecting to multiple servers

SSL Certificate Inspection

In the CA certificate dropdown my new certificate does not appear in the list.

When i try and create a new one then upload it states the certificate already exists which it does.

Does anybody have an idea why the new certificate is not showing in the drop down

many thanks in advance

mac

boneyard · ‎11-23-2020

perhaps because you uploaded a regular certificate and not a (sub) CA certificate, is that possible?

anyway for certificate inspection you don't need to upload a certificate, so why do this?

View solution in original post

boneyard · ‎11-23-2020

perhaps because you uploaded a regular certificate and not a (sub) CA certificate, is that possible?

anyway for certificate inspection you don't need to upload a certificate, so why do this?

Use new CA certificate in existing SSH/SSL security drop down, new cert not in drop down.

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website