Technical Tip: Removal of default local certificates on FortiADC
Description
This article explains that the default local certificates on a FortiADC system cannot be deleted.
Scope
FortiADC.
Solution
All FortiADC platforms are provisioned with the following default certificates:
| Factory |
| Fortiadc_ssl |
| SSLPROXY_LOCAL_CA |
| HTTP2_RSA_2048 |
The default certificates cannot be deleted, even if they are not referenced by any configuration object. An attempt to delete one via the CLI fails with the following error:
(local) # delete Factory
Command fail. Return code is -42 (This entry is reserved by the system. It cannot be deleted.)
This is expected behavior and should not be a cause for concern. If the default self-signed local certificate needs to be replaced, it is sufficient to update the relevant configuration to reference the newly imported certificate.
Related document:
Manage certificates - FortiADC 7.4.7 handbook
