HTTPS and replacement messages
We are currently running FortiOS 5.6.2.
So it works so far except for one thing: when we try to browse an unknown address such as https://12351.heise.de
we get a certificate warning because it uses the factory default CA certificate to generate the certificate for the replacement message site... Our clients reach the Internet through an explicit proxy.
So we checked our SSL/TLS inspection profiles; all profiles except the factory defaults use CA certificates which are trusted by our clients, and it works for all sites which are reachable. So far we don't see where else we can configure this behaviour.
The factory default profiles can't be changed to a trusted cert; in the CLI we get
"Cannot modify the read-only factory default profiles!
object set operator error, -657 discard the setting
Command fail. Return code -657"
So how can we configure the FortiGate to issue the certificate for unknown sites/IPs with our own CA certificate?
Hope someone can help.
post edited by Wurstsalat - 2017/12/29 06:36:15