Technical Tip: How to generate CSR and import a certificate to FortiManager/FortiAnalyzer using API

1. Log in to FortiManager/FortiAnalyzer using Cross-Site Request Forgery (CSRF) Token: Refer to the article: Technical Tip: How to log in to FortiManager/FortiAnalyzer using API with CSRF cookies.
2. Generate a Certificate Signing Request (CSR): Use the query below with the required certificate details to generate a CSR.

POST: https://{{host}}/cgi-bin/module/flatui_proxy

{

    "method": "post",

    "url": "/gui/sys/certificate/generate",

    "params": {

        "gen_name": "{{CERT_NAME}}",

        "id_type": 1,

        "gen_subject": "{{CERT_SUBJECT}}",

        "gen_unit": ["{{OU}}"],

        "gen_org": "{{ORG}}",

        "gen_city": "{{CITY}}",

        "gen_state": "{{STATE}}",

        "gen_country": "{{COUNTRY}}",

        "gen_email": "{{EMAIL}}",

        "gen_subj_alt_name": "",

        "key_type": 1,

        "gen_size": 2048,

        "curve_name": "secp256r1",

        "enroll_method": 0,

        "gen_url": "",

        "challenge_password": ""

    }

}

3. View the CSR: POST: https://{{host}}/cgi-bin/module/forward.

• For v7.6: https://{{host}}/cgi-bin/module/flatui/forward.

{

    "method": "get",

    "params": [

        {

            "url": "/cli/global/system/certificate/local/{{CERT_NAME}}",

            "option": [

                "get certinfo"

            ]

        }

    ],

    "id": "1"

}

4. Download the CSR: POST: https://{{host}}/cgi-bin/module/flatui_proxy.

{

    "method": "download",

    "url": "/gui/sys/certificate/local/entry",

    "params": {

        "key": "{{CERT_NAME}}"

    }

}

5. Get the CSR signed by a Certificate Authority (CA). The same CA root certificate should be present in the FortiAnalyzer/FortiManager as the Local CA Certificate.
6. Import the signed cert back to FortiManager/FortiAnalyzer. Create a form-data request with the following information (Refer to the attached Postman Collection):

POST: https://{{host}}/flatui/api/gui/system/certification/local

| Key                 | Value               | Type |

| ------------------- | ------------------- | ---- |

| cert_name           | {{CERT_NAME}}       | Text |

| cert_key_name       | (leave empty)       | Text |

| password            | (leave empty)       | Text |

| csrfmiddlewaretoken | {{csrf_token}}      | Text |

| csrf_token          | {{csrf_token}}      | Text |

| filepath            | Select Cert file    | File |

Related documents:

Certificates

Technical Tip: Using FortiManager API
Fortinet Development Network (FNDN) - FortiAnalyzer

Technical Tip: Certificate Generation with FIPS Enabled on FortiAnalyzer and FortiGate

Technical Tip: How to generate certificates using OpenSSL

Creating certificates with XCA