Fortinet black logo

Cookbook

Preventing certificate warnings (default certificate)

Copy Link
Copy Doc ID a4a06ec3-12a7-11e9-b86b-00505692583a:565000
Download PDF

Preventing certificate warnings (default certificate)

In this recipe, you prevent users from receiving a security certificate warning when your FortiGate performs full SSL inspection on incoming traffic. There are several methods for doing this, depending on whether you're using your ForiGate default certificate, as presented here, your a CA-signed certificate (see Preventing certificate warnings (CA-signed certificate), or a self-signed certification (see Preventing certificate warnings (self-signed)).

When you enable full SSL inspection, your FortiGate impersonates the recipient of the originating SSL session, then decrypts and inspects the content. The FortiGate then re-encrypts the content, creates a new SSL session between the FortiGate and the recipient by impersonating the sender, and sends the content to the end user. This is the same process used in "man-in-the-middle" attacks, which is why a user's device may show a security certificate warning.

For more information about SSL inspection, see Why you should use SSL inspection.

Often, when users receive security certificate warnings, they simply select Continue without understanding why the error is occurring. To avoid encouraging this habit, you can prevent the warning from appearing in the first place.

Preventing certificate warnings (default certificate)

In this recipe, you prevent users from receiving a security certificate warning when your FortiGate performs full SSL inspection on incoming traffic. There are several methods for doing this, depending on whether you're using your ForiGate default certificate, as presented here, your a CA-signed certificate (see Preventing certificate warnings (CA-signed certificate), or a self-signed certification (see Preventing certificate warnings (self-signed)).

When you enable full SSL inspection, your FortiGate impersonates the recipient of the originating SSL session, then decrypts and inspects the content. The FortiGate then re-encrypts the content, creates a new SSL session between the FortiGate and the recipient by impersonating the sender, and sends the content to the end user. This is the same process used in "man-in-the-middle" attacks, which is why a user's device may show a security certificate warning.

For more information about SSL inspection, see Why you should use SSL inspection.

Often, when users receive security certificate warnings, they simply select Continue without understanding why the error is occurring. To avoid encouraging this habit, you can prevent the warning from appearing in the first place.