SSL Inspection not using Self Signed Certificate

Author
d4rk_sp1d3r
2018/01/17 23:15:05 (permalink)

Hi,
 
Is there a way to use SSL inspection with Internal Certificate Authority certs? It seems that SSL inspection only uses a local certificate, but the format usually is PKCS#12, or the one with a password and private key. I cannot seem to generate a CSR file that allows generating a password or private key from within FortiGate. Installing certs on PCs is not applicable for our company as we have a lot of PCs here. I was able to use our internal CA cert to get a secured FortiGate management screen but can't seem to use the SSL inspection.
 
Appreciate your help.
 
Regards,
 
Ron
#1


    romanr
    Re: SSL Inspection not using Self Signed Certificate 2018/01/18 02:59:00 (permalink)
    Hi,
     
    You need to generate a certificate with "CA: True" enabled. Only this can do SSL interception.
     
    Normally you would do this on your corporate PKI and import the certificate and private key to your firewall.
     
    Br,
    Roman
    #2
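
What the reply above describes, as an added example (not code from the thread or from Fortinet): a subordinate CA certificate issued with `CA:TRUE` and bundled with its private key as a password-protected PKCS#12 file, plus a check that tells a CA certificate from an ordinary one. The file names, subject names, password and throwaway root are constructed; with a real PKI only the CSR leaves the machine and the existing internal CA signs it.

```shell
#!/bin/sh
# Added example. Names, password and the throwaway root are constructed.

# build_inspection_ca DIR P12_PASSWORD
build_inspection_ca() {
  dir=$1; pw=$2
  cat > "$dir/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed-placeholder
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_inspect]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
EOF
  {
    # Stand-in for the corporate root; a real root key never leaves the PKI.
    openssl req -config "$dir/pki.cnf" -x509 -extensions v3_root \
      -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Internal Root CA" \
      -keyout "$dir/root.key" -out "$dir/root.crt" &&
    # Key pair and CSR for the subordinate CA the firewall will sign with.
    openssl req -config "$dir/pki.cnf" -new -newkey rsa:2048 -nodes \
      -subj "/CN=Constructed Inspection Sub CA" \
      -keyout "$dir/inspect-ca.key" -out "$dir/inspect-ca.csr" &&
    # Issued with CA:TRUE; pathlen:0 lets it sign leaf certs but no further CAs.
    openssl x509 -req -in "$dir/inspect-ca.csr" -days 30 \
      -CA "$dir/root.crt" -CAkey "$dir/root.key" -CAcreateserial \
      -extfile "$dir/pki.cnf" -extensions v3_inspect -out "$dir/inspect-ca.crt" &&
    # Contrast: same CSR issued without the extension is not a CA certificate.
    openssl x509 -req -in "$dir/inspect-ca.csr" -days 30 \
      -CA "$dir/root.crt" -CAkey "$dir/root.key" -CAcreateserial \
      -out "$dir/not-a-ca.crt" &&
    # Password-protected PKCS#12 bundle: sub-CA cert, its key, and the root.
    openssl pkcs12 -export -inkey "$dir/inspect-ca.key" -in "$dir/inspect-ca.crt" \
      -certfile "$dir/root.crt" -passout "pass:$pw" -out "$dir/inspect-ca.p12"
  } >/dev/null 2>&1
}

# is_ca_cert FILE: succeeds only if the certificate carries CA:TRUE.
is_ca_cert() {
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}
```

Running `is_ca_cert` on a certificate before importing it for inspection shows whether it carries the flag at all.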
    emnoc
    Re: SSL Inspection not using Self Signed Certificate 2018/01/18 07:54:46 (permalink)
    I wrote a blog a few years back on just this
     
    http://socpuppet.blogspot.com/2016/10/a-quick-and-sure-to-know-if-ssl.html
     

    PCNSE6, PCNSE7, ACE, CCNP, FCNSP, FCESP, Linux+, CEH, ECSA, SCSA, SCNA, CISCA
    #3