Created on 04-11-2023 05:38 AM Edited on 02-05-2024 04:40 AM By Jean-Philippe_P
This article describes how to add a new certificate to SSL/SSH inspection profile.
If it is impossible to select the certificate in the SSL/SSH inspection, it can be for two reasons:
To import the certificate go to System -> Certificate -> Import -> Local certificate.
Then select certificate if having a separate public and private key, or select PKCS12 if having a '.pfx' bundle.
Then go to System -> Certificate and check if CA=True is there or not.
The certificate must have the basic constraints extension set to CA=True and the value of the keyUsage extension set to keyCertSign.
Related documents:
Technical Tip: How to import an SSL certificate as a local certificate
Import a certificate
Technical Tip: Installing Private CA for Deep inspection
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.