Protecting an SSL server
You typically use the FortiGate Protecting SSL Server profile as an inbound policy for clients on the internet that access the server through the internal side of the FortiGate.
Protecting SSL Server uses a server certificate to protect a single server.
You can use Protecting SSL Server if you do not want a client on the internet to directly access your internal server, and you want the FortiGate to simulate your real server.
To upload a server certificate into FortiGate and use that certificate in the SSL/SSH inspection profile:
- Go to System > Certificates.
- Select Import > Local Certificate and upload the certificate.
- Go to Security Profiles > SSL/SSH Inspection and edit or create a new profile.
- For Enable SSL Inspection of, select Protecting SSL Server.
- For Server Certificate, click the + and select the local certificate you imported.
- Click OK.
When you apply the Protecting SSL Server profile in a policy, the FortiGate will send the server certificate to the client as your server does.