Self-signed certificate replaced with wildcard?
Hi.
I have a wildcard certificate, with a deadline of one year.
I also have several servers. I thought that I would use my own certificates inside the network.
For external guests, Forti will replace this certificate with a wildcard certificate for each server. How to do it?
For now I created a new SSL/SSH Inspection Profile with:
Enable SSL inspection of - Protecting SSL Server
Server certificate - commercial wildcard
Inspect all ports - disabled
HTTPS: enabled
It works - from WAN I see the wildcard certificate, from LAN I see my own certificate. But with WAN the website loads very slowly or not at all. I wonder what's wrong.
I set what you can see in the screenshot: https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/055107/protecting-an-ssl-ser...
SOLVED - I changed Inspection Mode from "Flow-based" to "Proxy-based" for the policy.
I didn't have to change it for every policy. This server is on proxy; the others work great on flow.
Can you confirm that I have configured this correctly? Just because something works doesn't always mean it's set up well ;) When I read this information, it seems to me that the flow should be the right one: https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/659145/flow-mode-inspection-default-mod...
