SSL/SSH profile certificate handling changes (373835)

Leave a reply

SSL/SSH profile certificate handling changes (373835)

In order to support DSA and ECDSA key exchange (in addition to RSA) in SSL resign and replace mode, CLI commands for deep-inspection have changed. The certname command in ssl-ssh-profile has been removed.

To select from the list of available certificates in the system, use the CLI below.

edit deep-inspection set server-cert-mode re-sign set certname-{rsa | dsa | ecdsa}

This entry was posted in FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.