Description
When full SSL inspection is used, a number of certificate errors can appear when your browser notices that the certificate being used to encrypt the traffic is not the expected certificate. Some of these errors occur when user authentication is enabled and the FortiGate attempts to redirect traffic to the login page, which your browser interprets as evidence that your connection is not private.
Solution
One error that can occur happens when the site you attempt to connect to uses HTTP Strict Transport Security (HSTS). If this is the case, you may get an error message that is impossible to override:
If this message appears, the best thing to do is browse to a different site and re-attempt user authentication. Once your user credentials have been accepted by the FortiGate, you can access the site that was previously blocked (unless that site is blocked by web filtering).
Browsers sometimes recognize that authentication is required and will display a different HSTS error message that allows you access the login page:
Browsers sometimes recognize that authentication is required and will display a different HSTS error message that allows you access the login page:
If this error appears, you have the option to open the login page and enter your credentials.
Another error can occur when the common name of the certificate used for HTTPS encryption not matching the URL of the site you are attempting to access:
Another error can occur when the common name of the certificate used for HTTPS encryption not matching the URL of the site you are attempting to access:
If this message appears, the best thing to do is browse to a different site and re-attempt user authentication. Once your user credentials have been accepted by the FortiGate, you can access the site that was previously blocked (unless that site is blocked by web filtering).
