When a FortiWeb appliance initiates or receives an SSL or TLS connection, it will use certificates. Certificates can be used in HTTPS connections for:
- decryption and inspection
- authentication of clients
- authentication of servers
FortiWeb may require you to provide certificates and CRLs even if your websites’ clients do not use HTTPS to connect to the websites.
For example, when it sends alert email via SMTPS or querying an authentication server via LDAPS or STARTTLS, FortiWeb validates the server’s certificate by comparing the server certificate’s CA signature with the certificates of CAs that are known and trusted by the FortiWeb appliance. For details, see CA certificates and Revoking certificates.