Preventing Certificate Warnings
In daily internet surfing you might download a file containing a virus or it can be possible that you can receive a phishing email that contains a downloader file and when it is launched, it creates an encrypted session to a command and control (C&C) server which further downloads malware onto your computer. Because the sessions in these attacks are encrypted, they might get past your network’s security measures and affect to system.
Now to protect your network from these threats or malware , SSL inspection is required and FortiGate uses this technology to unlock encrypted sessions, and see into encrypted packets, find threats, and block them as per defined policies. SSL inspection protects you from attacks that use HTTPS also from other commonly used SSL-encrypted protocols, such as SMTPS, POP3S, IMAPS, and FTPS.
In this lab we will prevent users from receiving a security certificate warning when your FortiGate applies full SSL inspection to incoming traffic using the default certificate
All FortiGates devices have a default certificate that it uses for full SSL inspection. FortiGate also uses this certificate in the default deep-inspection profile. Now inorder to o prevent users from seeing certificate warnings while accessing internet , you can install this certificate on your users’ devices.
Downloading the certificate used for full SSL inspection
Go to Security Profiles > SSL/SSH Inspection. In top right corner use the dropdown menu to select deep inspection, the profile used to apply full SSL inspection.
The default FortiGate certificate is listed as the CA Certificate. Select Download Certificate.