Page 99
Secure connections and certificates
When a FortiRecorder appliance initiates or receives an SSL or TLS connection, it will use
certificates. Certificates can be used in secure connections for:
• encryption
• authentication of servers
Supported cipher suites & protocol versions
How secure is an HTTPS connection?
A secure connection’s protocol version and cipher suite, including encryption bit strength and
encryption algorithms, is negotiated between the client and the SSL terminator during the
handshake. (When you connect to the web UI via HTTPS, your FortiRecorder appliance is the
SSL terminator.) matrwoafoatwch ufoa hnbofTwo frbcaaPf dafcaowv fIasanIof.e dfenf daf
rssvhrntafrnIfuewcfga.f.cegoac lf
FortiRecorder may require you to upload certificates and CRLs even if you do not use HTTPS.
For example, when sending alert email via SMTPS, or querying an authentication server via
LDAPS, FortiRecorder will validate the server’s certificate by comparing the server certificate’s
CA signature with the certificates of CAs that are known and trusted by the FortiRecorder
appliance. See “Uploading trusted CAs’ certificates” and “Revoking certificates”.
To Next Page
Loading...