Fortigate SSL invalid-untrusted-cert with Digicert
Created: 2023-06-28 23:23:52 | Last modified: 2023-06-28 23:39:56
After a recent upgrade of FortiOS to version 6.2.15, we are now getting invalid-untrusted-cert errors for websites that use Digicert certificates.
Issue
After a recent upgrade of FortiOS to version 6.2.15, we started seeing invalid-untrusted-cert errors in the SSL log, and some users couldn't access some websites signed with Digicert certificates.

We worked around the issue by allowing invalid certificates. This was done by going to Security Profiles => SSL/SSH Inspection and creating a new profile that allowed invalid certificates.

According to Fortinet support, the Fortigate upgrade caused the Digicert CA certificate to disappear. The fix is to reinstall the CA certificate using the instructions outlined below.
Fix