Server Certificates
In FortiOS 5.2, two methods are available to support server certificates and allow inbound traffic to be inspected: Multiple Clients Connecting to Multiple Servers (re-sign in the CLI) or Protecting SSL Server (replace in the CLI).
The default setting for SSL Inspection is Multiple Clients Connecting to Multiple Servers.This setting can be changed by going to Policy & Objects > Policy > SSL Inspection or through the CLI.
Syntax
• Uploading a new server certificate:
config firewall ssl-ssh-profile
edit <name>
set server-cert-mode replace
set server-cert <certificate>
end
end
• Re-signing the server certificate:
config firewall ssl-ssh-profile
edit <name>
set server-cert-mode re-sign
set caname <name>
set certname <name>
end
end