Duo - Certificate issue

17G
Level 1

Hi

I am currently trialling Duo for my company and so far we like the product. One issue I am struggling with is certificates.

We have the Microsoft RDP client installed and working nicely, 2FA’ing test users via push notifications on their iPhones. We have a feature on our firewall to enable SSL deep packet inspection, which has just been enabled (description below):

When full SSL inspection is used, the FortiGate impersonates the recipient of the originating SSL session, then decrypts and inspects the content. The FortiGate then re-encrypts the content, creates a new SSL session between the FortiGate and the recipient by impersonating the sender, and sends the content to the sender.

With this enabled, when the push notification is sent to an iPhone (on the WiFi) using the deep packet policy, the error ‘Invalid Certificate, The Certificate provided is invalid’ displays on the iPhone. I can bypass URLs for this feature of our firewall. What URLs should I whitelist? I have tried whitelisting *.duosecurity.com, but this doesn’t work, and I am not sure what URLs are used for incoming push notifications on the certificate.

Any suggestions on what URL I should be exempting?
