Certificate Operations

Configure SSL Certificate Inspection 

1. Fortinet uses digital certificates privacy and authentication. 

2. Security Profile > SSL/SSH Inspection 

3. Select Multiple Clients Connecting to Multiple Servers 

4. Select SSL Certificate Inspection 

Configure Full SSL Inspection on Outbound Traffic: 

1. Security Profile > SSL/SSH Inspection 

2. Select Multiple Clients Connecting to Multiple Servers 

3. Select Full SSL Inspection 

4. Select CA certificate: Fortinet_CA_SSL 

Untrusted Certificate 

• Security Profile > SSL/SSH Inspection. 

• Allow, block or ignore actions for untrusted certificates 

• This option is available if Multiple Clients Connecting to Multiple Servers. 

• Allow will send the browser an untrusted temporary digital certificate 

• Block will block the connection to the server with the untrusted certificate 

• Ignore uses a trusted FortiGate certificate to replace the certificate, when the server certificate is untrusted. 

Exempting Sites from SSL Inspection 

• Except traffic for legal reasons 

• Except traffic based on web category 

• Go to, Security Profiles > SSL/SSH Inspection > Exempt from SSL Inspection (choose web categories or addresses) 

Invalid Certificate 

• FortiGate can check whether a certificate is valid or not. 

• To customized the check actions, Security Profiles > SSL/SSH Inspection > under Invalid SSL Certificate