sharmaj
Staff
December 30, 2021

Technical Tip: Using a local CA certificate on FortiGate for the FortiGate to FortiManager TLS handshake

Description

This article describes how to use an external CA certificate on the FortiGate for the communication between the FortiGate and FortiManager.

Scope

FortiGate

Solution

It is possible to use an external CA certificate for the TLS communication between the FortiGate and FortiManager on port 541.

1) First, generate a CSR on the FortiGate and have it signed by the external CA.

2) Next, import the certificates onto the FortiGate; the local certificate and the external CA certificate are imported separately.

3) Then open the CLI and run the following commands:

# config system central-management
    set local-cert <local certificate name>     (string: the signed certificate imported in step 2)
    set ca-cert <external root CA name>         (the CA certificate imported in step 2)
end
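
The following script is an added example and is not part of the Fortinet article or any Fortinet tooling. It walks through steps 1 and 2 offline with openssl: a throwaway lab CA stands in for the external CA, openssl stands in for the FortiGate CSR generator, and two checks are run on the signed certificate before anything is imported, namely that it chains to the CA file you intend to reference with set ca-cert, and that its public key matches the private key created with the CSR. The directory, file names and subject names are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the Fortinet article): lab CA + openssl stand in for the
# external CA and the FortiGate CSR generator so the flow can be rehearsed offline.
# WORK, the file names and the subject names are constructed for this demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Lab only: a self-signed root CA that plays the role of the external CA.
make_lab_ca() {            # $1 = base name, $2 = CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" -subj "/CN=$2" >/dev/null 2>&1
}

# Step 1: key pair and CSR for the FortiGate (on the appliance this is done in the
# GUI or CLI; here openssl produces the same artefacts).
make_csr() {
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$WORK/fgt.key" -out "$WORK/fgt.csr" \
        -subj "/CN=fgt-lab.example.test" >/dev/null 2>&1
}

# The external CA signs the CSR; the result is what gets imported as the local certificate.
sign_csr() {               # $1 = CA base name
    openssl x509 -req -in "$WORK/fgt.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
        -CAcreateserial -days 365 -out "$WORK/fgt.pem" >/dev/null 2>&1
}

# Check 1: the signed certificate chains to the CA file you will reference with set ca-cert.
# A certificate signed by some other CA fails here, which is exactly the mismatch that
# would otherwise surface only as a failed FGFM handshake after the config is applied.
chain_ok() {               # $1 = CA base name -> prints ok / fail
    if openssl verify -CAfile "$WORK/$1.pem" "$WORK/fgt.pem" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

# Check 2: the public key inside the certificate matches the private key from step 1,
# i.e. the CA returned a certificate for the CSR you actually submitted.
key_match_ok() {           # prints ok / fail
    cert_pub=$(openssl x509 -in "$WORK/fgt.pem" -pubkey -noout | openssl sha256)
    key_pub=$(openssl pkey -in "$WORK/fgt.key" -pubout | openssl sha256)
    if [ "$cert_pub" = "$key_pub" ]; then echo ok; else echo fail; fi
}
```

Usage: source the script, then run make_lab_ca external-ca "Lab External Root CA", make_csr, sign_csr external-ca, and finally chain_ok external-ca and key_match_ok; both should print ok. Running chain_ok against a second, unrelated lab CA prints fail, which is the case the check exists to catch. In production the lab CA steps are replaced by the real external CA, and fgt.pem / external-ca.pem are the files imported in step 2 before their names are referenced in set local-cert and set ca-cert.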

Note:

1) It is not necessary to add the certificate to the trust list of the FortiManager, or vice versa, if the same external CA signs the certificates for both units.

2) The set ca-cert option is available only on FortiGate 6.4 and later.

References

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/645186/generating-a-csr-on-a-fortigate

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-generate-CSR-and-export-it-with-private-key/ta-p/192834?externalID=FD48852

https://docs.fortinet.com/document/fortigate/6.4.8/cli-reference/84620/config-system-central-management