Fortinet 283 FortiWeb 5.0 Patch 6 Administration Guide
6. Click Create New.
A dialog appears.
7. In ID, enter the index number of the host entry within the group, or keep the field’s default
value of auto to let the FortiWeb appliance automatically assign the next available index
number.
8. In CA, select the name of a certificate authority’s certificate that you previously uploaded
and want to add to the group.
9. Click OK.
10. Repeat the previous steps for each CA that you want to add to the group.
11. To apply a CA group, select it in a certificate verification rule (see “Configuring FortiWeb to
validate client certificates” on page 316).
See also
• Configuring FortiWeb to validate client certificates
How to offload or inspect HTTPS
Whether offloading or merely inspecting for HTTPS, FortiWeb must have a copy of your
protected web servers’ X.509 server certificates. FortiWeb also has its own server certificate,
which it uses to prove its own identity.
Which certificate will be used, and how, depends on the purpose.
• For connections to the web UI — The FortiWeb appliance presents its own (“default” or
“Fortinet_Factory”) certificate.
• For SSL offloading or SSL inspection — Server certificates do not belong to the FortiWeb
appliance itself, but instead belong to the protected web servers. FortiWeb uses the web
server’s certificate because it either acts as an SSL agent for the web server, or is privy to its
secure connections for the purpose of scanning. You must select which one the FortiWeb
appliance will use when configuring Certificate in a policy (see “Configuring a server policy”
on page 483) or Certificate File in a server farm (see “Uploading a server certificate” on
page 289).
System > Certificates > Local displays all X.509 server certificates that are stored locally, on the
FortiWeb appliance, for the purpose of offloading or scanning HTTPS.
The FortiWeb appliance’s default certificate does not appear in the list of locally stored
certificates. It is used only for connections to the web UI and cannot be removed.