Differences

airwatch:install_fortigate_cert_ipads [2019/03/15 17:32] (current)
Line 1: Line 1:
 +======Installing the Default FortiGate SSL Cert on the iPads using AirWatch======
  
 +If using SSL inspection on a firewall policy, the FortiGate'​s SSL cert will need to be installed on the end devices. If the cert is not installed the device will display errors when attempting to access HTTPS websites. You can choose to continue to the website despite the error, however it is annoying to have to do so.
 +
 +//The FortiGate portion of this document is copied from [[http://​cookbook.fortinet.com/​preventing-certificate-warnings-54/​]]//​
 +
 +When full SSL inspection is used, your FortiGate impersonates the recipient of the originating SSL session, then decrypts and inspects the content. The FortiGate then re-encrypts the content, creates a new SSL session between the FortiGate and the recipient by impersonating the sender, and sends the content to the end user. This is the same process used in “man-in-the-middle” attacks, which is why a user’s device may show a security certificate warning.
 +
 +For more information about SSL inspection, see [[http://​cookbook.fortinet.com/​why-you-should-use-ssl-inspection/​|Why you should use SSL inspection]].
 +
 +Often, when a user receives a security certificate warning, they simply select Continue without understanding why the error is occurring. To avoid encouraging this habit, you can  prevent the warning from appearing in the first place.
 +
 +  - Generate a unique certificate on the FortiGate by running the following CLI command: ''​exec vpn certificate local generate default-ssl-ca''​
 +  - Download the certificate used for full SSL inspection from the FortiGate.
 +    - Go to **Security Profiles > SSL/SSH Inspection**. Use the dropdown menu in the top right corner to select **deep-inspection**,​ the profile used to apply full SSL inspection.
 +    - The default FortiGate certificate is listed as the CA Certificate. Select **Download Certificate**.
 +  - Create a profile in AirWatch to install the cert on the iPads.
 +    - Created a new profile and configure the **Credentials** option.
 +    - Set the **Credential Source** dropdown menu to **Upload**.
 +    - Click **Upload** and upload the newly downloaded cert file.
 +      - The **Credential Name** field should be automatically filled in and information about the cert displayed under the **Certificate** section. ​
 +    - Save and publish the profile. ​
 +      - You can verify the cert has been installed on an iPad by confirming that it is listed on the iPad in **Settings->​General->​Device Management->​Profile(Workspace Services)->​More Details**.
 +
 +
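Review bot: Step 1 has the reader generate a unique certificate with ''exec vpn certificate local generate default-ssl-ca'', but the heading and step 2 still call it the "default" FortiGate certificate, and nothing says that the download in step 2 must happen after step 1 or why the regeneration matters. Suggest stating that the file uploaded to AirWatch has to be the CA certificate produced by step 1, and adding a check before "Save and publish the profile" that the details displayed under the **Certificate** section are those of the CA certificate downloaded in step 2, since every iPad that receives the profile will stop warning about sessions signed by that CA. Separately, in step 3 "Created a new profile" should read "Create a new profile" to match the imperative used in the other steps.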
  • airwatch/install_fortigate_cert_ipads.txt
  • Last modified: 2019/03/15 17:32
  • (external edit)