On FortiGate
Verify that the FortiGate's "Fortinet_CA_SSLProxy" Certificate is displayed under System\Certificates\Local CA Certificates.
On EMS
Go to Administration\CA Certificate Management.
Click "Import".
1) In the pop-up window, add the following:
2) IP address/Hostname
3) VDOM
4) Username
5) Password
6) Click on "Import".
Add Certificate to User's Profile
Go to Endpoint Profiles\Manage Profiles
1) Select and Edit Profile.
2) Select the System Settings Tab.
3) Scroll down to the "Other" Section.
4) Enable "Install CA Certificate on Client".
5) A list of the imported CA certificates is displayed.
6) Select the Certificate to push to the Endpoint.
7) Click "Save".
The "Fortinet_CA_SSLProxy" Certificate will be downloaded by the FortiClient Endpoint in its next keep-alive cycle (usually every 60 seconds).
Verify Certificate installation
1) Start\Run -> enter "mmc"
2) Click File\Add/Remove Snap-in...
3) In the "Add or Remove Snap-ins" window, select Certificates.
4) Click "Add".
5) Select "My user account".
6) Click "Finish".
7) Click "OK". (You will see it opens "Certificates - Current User")
8) Expand "Trusted Root Certification Authorities".
9) Click "Certificates".
10) Locate the Certificate with the FortiGate's Serial Number in the list.
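The same check can be scripted on the endpoint. The following PowerShell is an added example, not part of the original article or a Fortinet tool; it assumes the FortiGate's serial number appears in the certificate subject, and `Find-SslProxyCa` and the `<FORTIGATE-SERIAL-NUMBER>` placeholder are hypothetical names used only here.

```powershell
# Added example: scripted equivalent of the mmc steps above.
# Replace the placeholder with the serial number of your FortiGate.
$FortiGateSerial = '<FORTIGATE-SERIAL-NUMBER>'

function Find-SslProxyCa {
    param(
        [Parameter(Mandatory)][string]$Serial,
        # "Trusted Root Certification Authorities" of the current user,
        # the store opened by the "My user account" snap-in.
        [string]$StorePath = 'Cert:\CurrentUser\Root'
    )
    # Assumption: the serial number is part of the certificate subject.
    $pattern = '*' + [WildcardPattern]::Escape($Serial) + '*'
    $now = Get-Date
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -like $pattern } |
        ForEach-Object {
            # The Basic Constraints extension states whether this is a CA certificate.
            $bc = $_.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
            }
            [pscustomobject]@{
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
                NotBefore  = $_.NotBefore
                NotAfter   = $_.NotAfter
                IsCA       = [bool]($bc -and $bc.CertificateAuthority)
                InValidity = ($now -ge $_.NotBefore) -and ($now -le $_.NotAfter)
            }
        }
}

$found = @(Find-SslProxyCa -Serial $FortiGateSerial)
if ($found.Count -eq 0) {
    Write-Warning "No certificate with '$FortiGateSerial' in its subject was found in Cert:\CurrentUser\Root."
} else {
    if ($found.Count -gt 1) {
        # More than one match: review each thumbprint before relying on the result.
        Write-Warning "$($found.Count) matching certificates found; review each one."
    }
    $found | Format-List
}
```

Compare the reported thumbprint and validity dates with the certificate shown on the FortiGate under System\Certificates\Local CA Certificates.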
References
Further information on stopping the "Connection is untrusted" message is available here.
Further information is available in the FortiClient EMS Administration Guide, which can be found here.
Further information about avoiding certificate warning messages in SSL inspection is available here.
Copyright 2024 Fortinet, Inc. All Rights Reserved.