Why does the browser report certificate warning errors when using full SSL inspection on FortiGate?

Prepare for the Fortinet FortiGate 7.4 Administrator exam with detailed insights and expert tips. Master FortiGate configurations and security protocols to ace your certification. Equip yourself with the knowledge to pass confidently.

When using full SSL inspection on FortiGate, the browser reports certificate warning errors primarily because it does not trust the certificate used by FortiGate for SSL inspection. This situation arises because FortiGate acts as a man-in-the-middle (MITM) when performing SSL inspection. It intercepts the secure connection between the client and the server, decrypts the traffic to inspect it, and then re-encrypts it before sending it to the client.

To facilitate this decryption process without triggering security alarms, FortiGate generates its own SSL certificate that the browser must trust to avoid warnings. If the client device has not been configured to trust the FortiGate-issued certificate (often because the certificate has not been installed in the trusted root certificate store), the browser will generate a warning indicating that the security of the connection cannot be verified.
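The trust decision described above can be reproduced offline with the `openssl` CLI. This is an added example, not FortiGate configuration or code from the original page: a throwaway CA stands in for the inspection CA, and the names `lab-inspection-ca`, `lab-public-root` and `www.example.test` are constructed for the lab.

```shell
# Constructed lab: throwaway CAs only; no FortiGate or real site involved.
WORK="$(mktemp -d)"

new_ca() {  # $1 = file prefix, $2 = common name; writes a self-signed CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_lab() {
  new_ca inspect "lab-inspection-ca"   # stands in for the firewall's signing CA
  new_ca public  "lab-public-root"     # stands in for roots the browser ships with
  # Substitute server certificate, as an inspecting device would present it:
  # same host name as the real site, but signed by the inspection CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/leaf.csr" -days 1 -CAcreateserial \
    -CA "$WORK/inspect.pem" -CAkey "$WORK/inspect.key" \
    -out "$WORK/leaf.pem" 2>/dev/null
}

# Exit status 0 when the substitute certificate chains to a CA in trust file $1.
client_trusts() {
  openssl verify -CAfile "$1" "$WORK/leaf.pem" >/dev/null 2>&1
}

# Issuer the client sees; during inspection this names the firewall CA.
leaf_issuer() {
  openssl x509 -noout -issuer -in "$WORK/leaf.pem"
}

make_lab
echo "issuer presented to client: $(leaf_issuer)"
if client_trusts "$WORK/public.pem"; then echo "public roots only: trusted"
else echo "public roots only: certificate warning (unknown issuer)"; fi
if client_trusts "$WORK/inspect.pem"; then echo "inspection CA imported: trusted"
else echo "inspection CA imported: certificate warning"; fi
```

The same certificate fails or passes depending only on which CA file the client is given, which is why importing the inspection CA into the client's trusted root store clears the warning.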

Other options do not effectively explain the source of the certificate warning. For instance, the first choice about the browser not supporting HTTPS is incorrect, as modern browsers universally support HTTPS. The possibility of SSL inspection being configured incorrectly could lead to other issues but is not the direct cause of the trust error. Finally, unsupported encryption methods by the website would typically not trigger a certificate warning on the browser; instead, it would lead to
