Office 365 Autodiscover - Certificate warning

Author
skorzen
2017/07/17 09:06:57 (permalink)

Hello guys,
 
I am having a problem with the Office 365 Autodiscover process and FortiGate.

Basically, when my client (Outlook or even a web browser) tries to reach an unresolvable URL like https://tenantname.mail.onmicrosoft.com/autodiscover/autodiscover.xml, it presents me with a FortiGate certificate warning (signed by the FortiGate CA), and when accepted I get to the FortiGate's replacement message saying that the DNS name does not exist.
If the HTTPS URL is valid (DNS resolvable) then it just gets me to the destination, even if there is no content there, which is what's needed in the previous case.

I've tried creating a Static URL Filter in order to bypass this behavior, without luck. Even after disabling all kinds of SSL inspection and Application Control options, I still get that "error".

Is there a way to bypass this? I am using only Explicit Proxy rules. The replacement message cannot be disabled in general, but it can be bypassed for this particular FQDN, if possible.
 
Thanks a lot!
 
BR,
 
Bruno Martins
#1
ipns
Re: Office 365 Autodiscover - Certificate warning 2017/07/21 06:30:35 (permalink) (marked helpful by skorzen 2017/08/04 10:30:37)
Hi Bruno,
 
I also had this problem. I solved it by configuring the proxy settings in the browser of my clients, exempting *.onmicrosoft.com from being sent to the proxy. Another solution is importing the FortiGate CA certificate in the certificate store of the clients. Another solution is disabling explicit proxy and exempting *.onmicrosoft.com from SSL inspection.

Kind Regards, 
IPNS
#2
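
The proxy exemption described in the reply above, written as a proxy auto-config (PAC) file. This is an added example, not part of the original posts. With DIRECT, an unresolvable tenant name fails in the client's own DNS lookup instead of returning the proxy's replacement page. The proxy address is a placeholder (assumption), and isBypassed is a hypothetical helper name.

```javascript
// Added example (not from the thread): PAC file that sends *.onmicrosoft.com
// direct and everything else through the explicit proxy.
// ASSUMPTION: the proxy host and port below are placeholders.
var PROXY = "PROXY proxy.example.internal:8080";

// Domains whose subdomains bypass the proxy (the *.onmicrosoft.com pattern).
var BYPASS_DOMAINS = ["onmicrosoft.com"];

// Hypothetical helper: true only when host is a real subdomain of a listed
// domain. Matching on the ".domain" label boundary keeps look-alikes such as
// "evilonmicrosoft.com" or "onmicrosoft.com.example.net" going via the proxy,
// so the bypass does not become a way around inspection for other hosts.
function isBypassed(host) {
  // Normalise case and strip the trailing dot of a fully qualified name.
  var h = String(host).toLowerCase().replace(/\.$/, "");
  for (var i = 0; i < BYPASS_DOMAINS.length; i++) {
    var suffix = "." + BYPASS_DOMAINS[i];
    // slice() is used instead of endsWith() so older PAC engines accept it.
    if (h.length > suffix.length && h.slice(-suffix.length) === suffix) {
      return true;
    }
  }
  return false;
}

// Entry point called by the browser for every request.
function FindProxyForURL(url, host) {
  return isBypassed(host) ? "DIRECT" : PROXY;
}
```
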
skorzen
Re: Office 365 Autodiscover - Certificate warning 2017/08/04 10:31:26 (permalink)
ipns wrote:
> Hi Bruno,
>
> I also had this problem. I solved it by configuring the proxy settings in the browser of my clients, exempting *.onmicrosoft.com from being sent to the proxy. Another solution is importing the FortiGate CA certificate in the certificate store of the clients. Another solution is disabling explicit proxy and exempting *.onmicrosoft.com from SSL inspection.

I'll try your suggestion of modifying client's browser proxy settings.
 
Cheers!
#3
dmcquade
Re: Office 365 Autodiscover - Certificate warning 2017/08/09 12:47:32 (permalink)
I have had similar situations. For these we create a wildcard FQDN object (*.onmicrosoft.com) and add it to the SSL Inspection profile Exception list.
#4