unknown1020
New Contributor III

inspection certificate issue

 

Friends, good day. One question:
In our main office we have a firewall running version 7.2.5. In this office there are problems accessing a page, because when trying to access it this certificate message appears:
"the connection is not private

It is possible that attackers are trying to steal your information from xxxxx.com
(for example, passwords, messages or credit cards).

NET::ERR_CERT_AUTHORITY_INVALID"


To fix this issue, a policy was created for that page and the no-inspect profile was applied.
However, when the user enters the page, the message "not secure" appears at the top. Is there a way to remove that message?

 

In our branch we have a 7.0.12 firewall, which has the same problem accessing the page. The same solution was applied, that is, the access policy was created for that page and the no-inspection profile was enabled. However, when trying to access the same page, the message "not secure" does not appear at the top.

 

My question is, why does the user who is in the main office get that message on top and the other user who is in the branch doesn't get that message?

abarushka
Staff

Hello,

 

You may expect such a message when deep inspection is performed, or when traffic is blocked and a replacement message is generated, while the CA certificate is not imported.

 

You may consider checking in the browser or a traffic sniffer whether there is a redirection, or whether traffic is blocked and a replacement message is generated.
unknown1020

But why, if the configuration was made in both offices, does the "not secure" message appear in one office when accessing the page while in the other office it does not appear?

rickyfgt
New Contributor

Double-check all inspections you are doing on those interfaces (check the policies); any security profile could be causing this for sure. An easy test is to disable the ones you have enabled and test again. Clear your browser cache. Check especially DNS Filter or Web Filter, as well as SSL Inspection.

 
 


Sheikh
Staff

Hello @unknown1020,

 

Which certificate is presented to the users? Checking the certificate will give you an idea of whether a firewall or a server is presenting it to the users. Please ensure that the CA certificate which signs the server certificate is installed in the local certificate store of the client machine. Microsoft Edge and Chrome use the built-in Windows store while Firefox has its own certificate store, so in the case of Firefox, please ensure that the CA certificate is added to the browser's store.

 

regards,

 

Sheikh 

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
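
The check suggested in the reply above (see which certificate the client is actually handed, and by whom) can be scripted from a machine in each office. This is an added example, not part of the original thread; the names `classify`, `probe` and `FIREWALL_ISSUER_MARKERS` are hypothetical, the issuer markers are an assumption to replace with your own inspection CA's subject, and `probe` needs the third-party `cryptography` package.

```python
import socket
import ssl
import sys

# Assumption: substrings that identify the firewall's inspection CA in the
# issuer DN. Replace them with the subject of the CA set on your own FortiGate.
FIREWALL_ISSUER_MARKERS = ("fortinet", "fortigate")


def classify(issuer_dn, verify_error):
    """Say who presented the certificate and whether this client trusts it."""
    who = "firewall" if any(
        m in issuer_dn.lower() for m in FIREWALL_ISSUER_MARKERS) else "server"
    trust = "not trusted by this client" if verify_error else "trusted"
    return f"{who} certificate, {trust}"


def probe(host, port=443):
    """Return (issuer_dn, verify_error) for the certificate this client receives."""
    from cryptography import x509  # third-party package, needed only here

    verify_error = None
    try:  # pass 1: normal validation against Python's default trust store
        with socket.create_connection((host, port), timeout=5) as sock:
            with ssl.create_default_context().wrap_socket(
                    sock, server_hostname=host):
                pass
    except ssl.SSLCertVerificationError as exc:
        verify_error = exc.verify_message

    # pass 2: no validation, only to read the issuer of what was presented
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    issuer = x509.load_der_x509_certificate(der).issuer.rfc4514_string()
    return issuer, verify_error


if __name__ == "__main__":
    issuer_dn, error = probe(sys.argv[1])
    print("issuer:", issuer_dn)
    print("validation error:", error)
    print("verdict:", classify(issuer_dn, error))
```

Run it with the site's hostname from a client in each office and compare the issuers. The trust result reflects Python's default store, which is not necessarily the store the browser uses.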