Preventing certificate warnings (self-signed)

This example shows how to prevent users from receiving a security certificate warning when FortiGate performs full SSL inspection on incoming traffic. When you enable full SSL inspection, FortiGate impersonates the recipient of the originating SSL session and then decrypts and inspects the content. FortiGate then re-encrypts the content, creates a new SSL session between FortiGate and the recipient by impersonating the sender, and sends the content to the user. "Man-in-the-middle" attacks use a similar process, which is why a user's device might show a security certificate warning.

When users receive security certificate warnings, they usually click Continue without understanding why the error occurs. To avoid encouraging this habit, you can prevent the warning from appearing in the first place.

For more information about SSL inspection, see Why you should use SSL inspection.
