Fortigate How-To: Basic Web Filtering – Certificate Import

Last time, I created policy to deploy web filtering. It filters unwanted website(eg. youtube), but the error page showed “Chrome blocked” and not informative. In this post, I will import the certificate so that the intended block pages are displayed.


Download Certificate

Security Profiles > SSL/SSH Inspection


Select the profile you are using in the policy(in my case, default). And click “Download Certificate” to start download.

If you are using AD, you can use Group Policy to install this certificate to your PCs.


Import Certificate

This is done on the client(this time WindowsVM).

Open Chrome > Settings > Advanced > Manage Certificates

Select “Trusted Root Certification Aithorities” Tab. Then click “Import”

Follow the instruction to import the certificate which you downloaded in the previous section.


Once it’s imported, re-launch the chrome.

And try one of the site which is supposed to be blocked…


Yes, and now it shows the genuine “Block” page now.