Hello,
I'm wondering if there is a way to deploy the cert for SSL decryption to all users? I don't want to do it manually for everyone, and we don't have an on-prem DC.
Is there a way to push the cert to the client using FortiClient?
G
Yes there is; you can use EMS to push out the SSL certificate to all registered FortiClients. Under Endpoint Profiles > System Settings there is an option to install CA certificate on client.
Hello,
Thanks for the reply. Is there any scenario to deploy what I want without the use of EMS, so only with the interaction between FortiGate and FortiClient?
Hi,
You need to go either with the EMS server or with pushing via group policy from the DC. There is no other option to send it to FortiClient.
Regards
Jamal
How do you manage your user devices currently? You said you don't have an on-prem DC, so does this mean you have a DC in Azure maybe? Are you maybe using an MDM like Intune or AirWatch, etc.? You can deploy the certificate to your devices via your MDM.
The question I asked arises because before buying FortiGate I had Palo Alto, and with GlobalProtect you had the opportunity to push the deep-inspection certificate directly from GlobalProtect, so I thought that on the Fortinet side there was a similar system that did not require an additional application such as EMS.
We don't have a DC, the company is very small and it's not necessary with the current infrastructure.
Created on 05-03-2023 01:53 PM Edited on 05-03-2023 01:59 PM
Hmmm...someone might come with some other automated GUI way to do this, but if you don't have any form of device management at your disposal, then you will have to rely on yourself or the user to perform this task. The task can be simplified from the user's side of things by use of a script (and this is making some assumptions as you did not say what type of devices you have, so I am going to assume Windows). This gets into the weeds quick if you are not a scripter, but the idea would be that you have your users run this script (maybe you zip the cert and script up, send it via email with instructions on what to do, etc...) and it installs the certificate into the correct cert store on their computer. You can do a simple Google search for "script to install certificate in trusted root" for example and dive down that rabbit hole.
Note: adding as well to this, you might want to consider some form of MDM for this and future needs of device management. I know you said your org was small. ManageEngine for example offers a free MDM for up to 25 devices. I don't use theirs, but I was just using them as an example due to their free offering. I'm sure others have something similar you could investigate.
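A sketch of the kind of install script described in the reply above, as an added example that is not from any poster in this thread. It installs the CA into the Windows machine-wide Trusted Root store only if the file matches a SHA-256 fingerprint the admin sends through a separate channel from the one carrying the certificate; the file name `inspection-ca.cer` and the fingerprint placeholder are assumptions to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example: install a deep-inspection CA only after verifying it out of band.
param(
    # Hypothetical file name: the CA certificate exported from the firewall.
    [string]$CertPath = (Join-Path $PSScriptRoot 'inspection-ca.cer'),
    # Placeholder: SHA-256 fingerprint of that CA, delivered separately from the file.
    [string]$ExpectedSha256 = '<SHA256-FINGERPRINT-OF-YOUR-CA>'
)
$ErrorActionPreference = 'Stop'
$store = 'Cert:\LocalMachine\Root'

# Parse the file first; a non-certificate payload fails here.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# Hash the DER-encoded certificate itself, so PEM vs DER packaging does not matter.
$sha      = [System.Security.Cryptography.SHA256]::Create()
$actual   = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($expected.Length -ne 64 -or $actual -ne $expected) {
    throw "Fingerprint mismatch for $CertPath (got $actual). Nothing was installed."
}

# Refuse anything that is not marked as a CA certificate.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw "Certificate '$($cert.Subject)' is not a CA certificate."
}

# Refuse expired or not-yet-valid certificates.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Idempotent: skip the import if this exact certificate is already trusted.
if (Test-Path "$store\$($cert.Thumbprint)") {
    Write-Output "Already installed: $($cert.Subject)"
    return
}

Import-Certificate -FilePath $CertPath -CertStoreLocation $store | Out-Null

# Confirm the store now holds the certificate that was verified above.
if (-not (Test-Path "$store\$($cert.Thumbprint)")) {
    throw "Import reported success but the certificate is not in $store."
}
Write-Output "Installed $($cert.Subject), valid until $($cert.NotAfter)"
```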
Copyright 2024 Fortinet, Inc. All Rights Reserved.