Thursday, May 17, 2018

FortiOS version 6.0 admin-cert keysize

The admin-certificate for the webAdmin interface does not seem to like 8k-bit keysizes. I crafted a wildcard AltName certificate, loaded it into the FortiGate and selected the cert, and it spit out complaints in all of the browsers that the SSL protocol cannot be negotiated.

{ NOTE: the web GUI certificate details will not show or list the keysize; use openssl or gnutls-cli }

Now here's a 4096-bit keysize being deployed in a FortiGate version 6.0, and it has no issues. So 2/4k-bit keysizes seem to be the only supported certificate sizes at this time.

Thinking it was maybe due to it being a SAN certificate, I crafted a non-SAN certificate and had the same issues, so the 8k-bit size is a no-go for the admin certificates.
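An added example (not from the original post) of the openssl check the note mentions: it reads the public-key size from a PEM certificate file, or from the certificate a TLS listener serves, and compares it with the 2048/4096-bit sizes the post found working. The function names and the throwaway `example.invalid` test certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Pull the bit count out of `openssl x509 -text` output on stdin.
_key_bits_filter() {
    sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# cert_key_bits FILE: print the public-key size (bits) of a PEM certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | _key_bits_filter
}

# remote_key_bits HOST [PORT]: same, for the certificate a TLS listener serves.
# Prints nothing if no certificate is received (for example, a failed handshake).
remote_key_bits() {
    openssl s_client -connect "$1:${2:-443}" </dev/null 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null | _key_bits_filter
}

# check_admin_cert FILE: 0 if the size is one the post saw working on
# FortiOS 6.0 (2048 or 4096), 1 for any other size, 2 if unreadable.
check_admin_cert() {
    bits=$(cert_key_bits "$1")
    case "$bits" in
        2048|4096) echo "$1: $bits-bit key (size worked in the post)"; return 0 ;;
        "") echo "$1: no public-key size found" >&2; return 2 ;;
        *) echo "$1: $bits-bit key (not a size the post saw working)" >&2; return 1 ;;
    esac
}

# make_sample_cert BITS OUT: constructed input, a throwaway self-signed cert.
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -keyout "$2.key" \
        -subj "/CN=example.invalid" -days 1 -out "$2" 2>/dev/null
    rm -f "$2.key"
}

# Usage: sh check_cert.sh admin-cert.pem
if [ $# -gt 0 ]; then check_admin_cert "$1"; fi
```

Running `check_admin_cert` on the certificate file before selecting it as the admin certificate catches an oversized key without having to lose access to the web GUI first.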

I will test the same certificate for SSLVPN later in the month.

NSE (network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
        /  \
