Preventing Certificate Warnings

Preventing Certificate Warnings

Posted on Jan 13, 2020 (0)

Preventing Certificate Warnings

In daily internet surfing you might download a file containing a virus or it can be possible that  you can receive a phishing email that contains a downloader file and when it is launched, it creates an encrypted session to a command and control (C&C) server which further downloads malware onto your computer. Because the sessions in these attacks are encrypted, they might get past your network's security measures and affect to system.

Now to protect your network from these threats or malware , SSL inspection is required and FortiGate uses this technology to unlock encrypted sessions, and see into encrypted packets, find threats, and block them as per defined policies. SSL inspection protects you from attacks that use HTTPS also from other commonly used SSL-encrypted protocols, such as SMTPS, POP3S, IMAPS, and FTPS.

In this lab we will prevent users from receiving a security certificate warning when your FortiGate applies full SSL inspection to incoming traffic using the default certificate

All FortiGates devices have a default certificate that it uses for full SSL inspection. FortiGate also uses this certificate in the default deep-inspection profile. Now inorder to o prevent users from seeing certificate warnings while accessing internet , you can install this certificate on your users' devices.

Step1: Downloading the certificate used for full SSL inspection

Go to Security Profiles > SSL/SSH Inspection. In top right corner use the dropdown menu to select deep inspection, the profile used to apply full SSL inspection.

The default FortiGate certificate is listed as the CA Certificate. Select Download Certificate.

Installing the certificate on the user's browser

Select and Double click on the certificate file and Open. Select Install Certificate to launch the Certificate Import Wizard which will install the certificate into the Trusted Root Certificate Authorities store. If any security warning appears, select Yes to install the certificate successfully.

An error message would appear in the browser before installing a certificate , when a site that used HTTPS will be  accessed (the example shows an error message appearing in Firefox).

Once the certificate is installed , you will not experience a certificate security issue when you browse to sites on which the FortiGate unit performs SSL content inspection.


    You are will be the first.


Please login here to comment.