Certificate installation
When users connect to FortiSASE in secure web gateway (SWG) mode, FortiSASE proxies traffic from the client. While being proxied, connections using secure protocols like HTTPS have their certificates replaced and signed by FortiSASE. To avoid seeing warnings and errors, the client must trust the signing Certificate Authority (CA) and have a valid certificate chain back to the root CA. Therefore, installing FortiSASE’s CA certificate on the client’s trusted certificate store is important.
You should provide users with the required CA certificate during onboarding. In SWG mode, when you onboard users from the GUI, download the SWG Certificates package that appears at the end of the Secure Web Gateway Users instructions. You can also find this on the right side of the System > SWG Configuration page.
The following instructions demonstrate installing certificates on various operating systems: