d4rk_sp1d3r
New Contributor

SSL Inspection not using Self Signed Certificate

Hi,

 

Is there a way to use SSL inspection using Internal Certificate Authority certs? It seems that SSL inspection only uses a local certificate, but the format usually is PKCS#12 or the one with a password and private key. I cannot seem to generate a CSR file that allows generating a password or private key from within FortiGate. Installing certs on PCs is not applicable for our company as we have a lot of PCs here. I was able to use our internal CA cert to get a secured FortiGate management screen but can't seem to use the SSL inspection.

 

Appreciate your help.

 

Regards,

 

Ron

romanr
Valued Contributor

Hi,

 

You need to generate a certificate with "CA: True" enabled... Only this can do SSL interception.

 

Normally you would do this on your corporate PKI and import the certificate & private key to your firewall.

 

Br,

Roman
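
The workflow Roman describes, as an added example that is not part of his reply or of Fortinet's documentation: a subordinate CA certificate with `CA:TRUE` is issued by the internal root, compared against an ordinary server certificate, and bundled with its private key as PKCS#12. It assumes the OpenSSL command line is available; the throwaway root stands in for the corporate PKI, and every name, path and passphrase is constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Every name, path and passphrase below is constructed for illustration.
set -eu

# Issue a certificate signed by the stand-in root.
# $1 = working dir, $2 = file stem, $3 = subject CN, $4 = basicConstraints value
issue_cert() {
  d="$1"; stem="$2"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$d/$stem.key" -out "$d/$stem.csr" 2>/dev/null
  printf 'basicConstraints=critical,%s\n' "$4" > "$d/$stem.ext"
  openssl x509 -req -in "$d/$stem.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/$stem.ext" -out "$d/$stem.crt" 2>/dev/null
}

# $1 = working directory
build_demo_pki() {
  mkdir -p "$1"
  # Stand-in for the corporate root CA; in a real PKI this already exists.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Corp Root CA" \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
  # Subordinate CA for the firewall: the kind of certificate SSL inspection needs.
  issue_cert "$1" inspect "Example Corp SSL Inspection CA" "CA:TRUE,pathlen:0"
  # Ordinary server certificate (such as one for a management GUI): it can
  # secure a TLS listener but cannot sign certificates for other sites.
  issue_cert "$1" mgmt "fw.example.internal" "CA:FALSE"
  # Bundle the subordinate CA cert, its private key and the root certificate
  # into a password-protected PKCS#12 file for import.
  openssl pkcs12 -export -inkey "$1/inspect.key" -in "$1/inspect.crt" \
    -certfile "$1/root.crt" -passout pass:constructed-passphrase -out "$1/inspect.p12"
}

# Exit status 0 only if the certificate's basicConstraints extension says CA:TRUE.
is_ca_cert() {
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}
```

Because the subordinate CA chains to the internal root that clients already trust, certificates it re-signs validate without installing anything new on each PC. The `pathlen:0` constraint keeps it from issuing further CAs.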

emnoc
Esteemed Contributor III

I wrote a blog a few years back on just this

 

http://socpuppet.blogspot.com/2016/10/a-quick-and-sure-to-know-if-ssl.html

 

PCNSE 

NSE 

StrongSwan  
