Technical Tip: Issue using custom server certificate for GUI or HTTPS access in HA setup
| Description | This article describes the issue of using a server certificate for GUI or HTTPS access to FortiGate(s) in HA setup. When a custom server certificate is used for GUI or HTTPS access to FortiGate, this configuration is synced to the other members of the cluster as well.
So if FQDN or IP addresses are used to access FortiGate, since the FQDN or IP addresses are different and if the certificate has only one FQDN or IP address added as the CN (Common Name), CN mismatch (invalid certificate error) while accessing the FortiGate. |
| Scope | FortiOS. |
| Solution | Example: If the FortiGate(s) access details are as follows:
Fortigate-1: fqdn- fortigate1.xyz.com (192.168.1.1) and Fortigate-1: fortigate2.xyz.com (192.168.1.2)
It is possible to use a wildcard certificate with fqdn: *.xyz.com or with both fqdn added as CN in the certificate, which holds good for both the FortiGate(s) in HA.
Related documents: Using the default certificate for HTTPS administrative access |
