Websites using certificates from Let's Encrypt are blocked: expired certificate
See this here on FortiOS 6.4.7 with SSL inspection enabled since yesterday. 30. Sept 2021.
Likely a server misconfiguration. More details in my post here: https://forum.fortinet.com/FindPost/199137
Didn't like having to switch to flow mode or accept any invalid certs. Issue on 6.4.5 (temporarily till FG has a better fix avail.) resolved by following workaround:

1: verify cert bundle is v28

    diag autoupdate versions
    execute update-now

2: apply DNS blackhole workaround:

    config system dns-database
        edit "1"
            set domain "identrust.com"
            config dns-entry
                edit 1
                    set hostname "apps"
                    set ip 127.0.0.1
                next
            end

3a: flow-mode:

    diag ips share clear cert_verify_cache

3b: proxy-mode:

    diag test app wad 99
