Thursday, May 17, 2018

FortiOS version 6.0 admin-cert keysize

The admin-certificate for the webAdmin interface does not seem to like 8k-bit keysizes. I crafted a wildcard AltName certificate, loaded it into the FortiGate and selected the cert, and it spat out complaints in all of the browsers that the SSL protocol cannot be negotiated.



{ NOTE: the web GUI certificate details will not show or list the keysize; use openssl or gnutls-cli }




Now here's a 4096-bit keysize being deployed in a FortiGate version 6.0, and it has no issues. So 2/4k-bit keysizes seem to be the only supported certificate sizes at this time.






Thinking it was maybe due to it being a SAN certificate, I crafted a non-SAN one and had the same issues, so the 8k-bit size is a no-go for the admin certificates.













I will test the same certificate for SSLVPN later in the month.
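Since the web GUI does not list the keysize, it can be read from the certificate file with openssl before the certificate is loaded. The script below is an added example, not part of the original post: it reports the public key size and flags anything outside the 2048/4096-bit sizes the post observed working. The function names and the `fw.example.test` sample subject are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the public key size of a PEM certificate and compare it
# with the sizes the post observed working as a FortiOS 6.0 admin certificate.

# Key sizes (bits) reported as working in the post; an observation, not a vendor spec.
OBSERVED_OK_BITS="2048 4096"

# Print the public key size in bits for the PEM certificate in $1.
# Matches both "Public-Key: (N bit)" and "RSA Public-Key: (N bit)" output.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 if the size is in the observed-working set, 1 if it is not,
# 2 if the file is missing or is not a readable certificate.
check_admin_cert() {
    local bits ok
    bits=$(cert_key_bits "$1")
    if [ -z "$bits" ]; then
        echo "$1: could not read a public key size" >&2
        return 2
    fi
    for ok in $OBSERVED_OK_BITS; do
        if [ "$bits" = "$ok" ]; then
            echo "$1: $bits bit key, size observed working"
            return 0
        fi
    done
    echo "$1: $bits bit key, not among sizes observed working ($OBSERVED_OK_BITS)"
    return 1
}

# Constructed sample input: a throwaway self-signed cert with an RSA key of
# $1 bits, written to $2 (private key goes to $2.key).
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -keyout "$2.key" \
        -subj "/CN=fw.example.test" -days 1 -out "$2" 2>/dev/null
}

# Usage (path is a placeholder): check_admin_cert ./admin-cert.pem
```
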







NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 
        /  \
 






