AnsweredHot!SSL Full Inspection and Using a CA-signed certificate

Author
shkim
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/05/31 00:45:58
  • Status: offline
2018/06/24 21:35:52 (permalink)
0

SSL Full Inspection and Using a CA-signed certificate

When using "SSL Full Inspection"
 
Question)
1. Is it possible to set using "Trusted Public CA"?
2. If possible
   What kind of product should I buy?
 
The only way to apply "trusted pravice ca" is to the manual. (http://cookbook.fortinet.com/preventing-certificate-warnings-cacert-56/)
 
Thank you.
#1
emnoc
Expert Member
  • Total Posts : 5063
  • Scores: 307
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: SSL Full Inspection and Using a CA-signed certificate 2018/06/25 02:38:20 (permalink) ☼ Best Answerby shkim 2018/06/25 20:19:58
5 (1)
Short answer "no" and "none". No  public trusted CA if that's what your going after, will issue a private org a CA:TRUE  signed certificate as a normal offering. Just ain't going to happen
 
Your choices
   1:  build a private PKI  and signyour own certificate ( you own the PKI so you can do what ever you want ;)  this is the best  but not ideal for all org/enterprise needs )
   2:  Use the  internal cert that comes in the fortigate ( yeap a cert already exist just import it into your OS and|or Browsers certificate store )
   3:  self-Sign a cert using openssl for example  ( again import it )
 
All of  them has  advantages, #2 is  the simple fix since it "already" exists and all you  have to do nothing  but just use the cert.
Ken

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#2
shkim
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/05/31 00:45:58
  • Status: offline
Re: SSL Full Inspection and Using a CA-signed certificate 2018/06/25 20:21:25 (permalink)
0
Thank you for your kind reply.
 
#3
Jump to:
© 2018 APG vNext Commercial Version 5.5