Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

Created on ‎08-15-2023 03:37 AM

inspection certificate issue

 

friends good day, one question:
In our main office we have a firewall with version 7.2.5, in this office there are problems accessing a page because when trying to access the certificate message appears:
"the connection is not private

It is possible that attackers are trying to steal your information from xxxxx.com
(for example, passwords, messages or credit cards).

NET::ERR_CERT_AUTHORITY_INVALID"


To fix this issue, a policy was created for that page and the no-inspect profile was applied.
However, when the user enters the page at the top, the message "not secure" appears. Is there a way to remove that message?

Screenshot_2023-08-15-05-31-32-969_com.android.chrome.jpg

 

Since in our branch we have a 7.0.12 firewall, in which there is the same problem of access to the page. The same solution was applied, that is, the access policy was created for that page and the no inspection profile was enabled. However, when trying to access the same page, the message "not secure" does not appear at the top.

 

My question is, why does the user who is in the main office get that message on top and the other user who is in the branch doesn't get that message?

Labels:
795
0 Kudos
4 REPLIES 4
abarushka
Staff
Staff

Created on ‎08-15-2023 03:52 AM

Hello,

 

You may expect such message in case deep inspection is performed or traffic is blocked and replacement message is generated while CA certificate is not imported.

 

You may consider to check in browser/traffic sniffer whether there is redirection or traffic is blocked and replacement message is generated.

FortiGate
785
0 Kudos
unknown1020
New Contributor III
In response to abarushka

Created on ‎08-15-2023 08:26 AM

but because if the configuration was made in both offices, in one office when accessing the page you get that "not secure" message and in the other office it does not appear.

754
0 Kudos
rickyfgt
New Contributor

Created on ‎08-15-2023 09:22 AM

Double-check all inspections you are doing on those interfaces (Check policies) any Security profiles could be causing this for sure. Easy testing will be to disable the ones you have enabled and test. Clear your browser cache. Especially DNS Filter or Web Filter, as well as SSL Inspection

 
 

Capture.PNG

746
0 Kudos
Sheikh
Staff
Staff

Created on ‎08-16-2023 02:15 AM

Hello @unknown1020,

 

Which certificate is presented to the users, you can check the certificate that will give you an idea that which firewall or a server is presenting this certificate to users. Please ensure that CA certificate, which signs the server certificate is installed in the local certificate store of client machine. Microsoft Edge & chrome use built-in Windows store while Firefox has it's own certificate store, so incase of Firefox, please ensure that CA certificate is added in the browser's store.

 

regards,

 

Sheikh 

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
730
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.