bsm1970
New Member
October 10, 2019
Question

Generating new Fortinet_CA_SSL certificate

  • 6890 views

So I have a problem.  When we deployed several 60E devices, we worked with Fortinet to create a "golden config."  It allowed us to put a basic config on a USB stick, only changing certain variables such as hostname, IP address, gateway IP, VLAN info, etc. for each one before installing it using the USB boot install.

 

The problem is, when they downloaded that first config for us from the first device we deployed, they didn't flag the Fortinet_CA_SSL certificate as one of the variables that needed to change with each one.  So every 60E now has the same default SSL cert that the first 60E deployed has - so all of them are identical.  Instead of each SSL cert showing the serial of that unique device, they have the serial of the first 60E.

 

So my question is, is there a way to regenerate that certificate or generate a new one so that each 60E has its own unique default SSL certificate again?

1 reply

ede_pfau
SuperUser
October 10, 2019

Happened to me as well, oh my.

One fix:

- get the config

- delete the blocks "config vpn cert" and "config firewall ssl"

- restore this

 

I haven't tried this on a 'botched' FGT but I've used this procedure when cloning.

Second fix:

   exec vpn certificate local generate default?

for ssl-ca, ssl-ca-untrusted, ssl-key-certs or ssl-serv-key.

Again, lacking a misconfigured cloned FGT atm, haven't tried it out.

If you do, please post your findings.
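The "first fix" above is a text-editing step on the backed-up configuration: remove the certificate sections before restoring so the unit is not handed the cloned Fortinet_CA_SSL material. The script below is an added example, not code from the thread or from Fortinet; it strips top-level FortiOS sections whose header starts with a given prefix while keeping nested config/end blocks elsewhere intact. It assumes that "config vpn cert" and "config firewall ssl" in the reply refer to sections beginning with "config vpn certificate" and "config firewall ssl" (a reading of the reply, not something it states), and the sample config is constructed with placeholder values only. Whether a FortiGate regenerates its own certificates on restoring such a config is the reply's claim and is not verified here; inspect the list of removed sections before restoring anything.

```python
"""Strip named top-level sections from a FortiOS text configuration backup.

Added example for the thread above. The section prefixes are an assumption
based on the reply ("config vpn cert", "config firewall ssl"); adjust them
to match the exact headers in your own backup.
"""
import sys

# Constructed sample backup, not taken from any real device.
SAMPLE_CONFIG = """\
#config-version=FGT60E-0.0.0-FW-build0000-000000:opmode=0:vdom=0
config system global
    set hostname "FGT-A"
end
config vpn certificate local
    edit "Fortinet_CA_SSL"
        set password ENC placeholder
        set private-key "-----BEGIN PRIVATE KEY-----placeholder-----END PRIVATE KEY-----"
        set certificate "-----BEGIN CERTIFICATE-----placeholder-----END CERTIFICATE-----"
    next
end
config firewall ssl setting
    set proxy-connect-timeout 30
end
config system interface
    edit "wan1"
        set ip 192.0.2.10 255.255.255.0
        config ipv6
            set ip6-mode static
        end
    next
end
"""

# Assumed expansions of the abbreviated section names used in the reply.
DEFAULT_PREFIXES = ("config vpn certificate", "config firewall ssl")


def strip_sections(config_text, prefixes=DEFAULT_PREFIXES):
    """Return (filtered_text, removed_headers).

    Only top-level sections (depth 0) are matched, so a nested block such as
    "config ipv6" inside an interface entry is never touched. Nesting is
    tracked by counting "config ..." and "end" lines so that a removed
    section's own nested blocks are dropped with it.
    """
    kept = []
    removed = []
    depth = 0
    skipping = False
    for line in config_text.splitlines(keepends=True):
        stripped = line.strip()
        if depth == 0 and stripped.startswith("config "):
            if any(stripped == p or stripped.startswith(p + " ") for p in prefixes):
                skipping = True
                removed.append(stripped)
        if stripped.startswith("config "):
            depth += 1
        elif stripped == "end":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced 'end' in configuration text")
        if not skipping:
            kept.append(line)
        elif depth == 0:
            # This line was the "end" closing the section being removed.
            skipping = False
    if depth != 0:
        raise ValueError("configuration text ends inside an open section")
    return "".join(kept), removed


def count_top_level_sections(config_text):
    """Count top-level 'config ...' headers; a quick sanity check after filtering."""
    depth = 0
    count = 0
    for line in config_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("config "):
            if depth == 0:
                count += 1
            depth += 1
        elif stripped == "end":
            depth -= 1
    return count


if __name__ == "__main__":
    # Usage: python strip_sections.py backup.conf > cleaned.conf
    # With no argument the constructed sample is filtered instead.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    cleaned, dropped = strip_sections(text)
    for header in dropped:
        print("removed section:", header, file=sys.stderr)
    sys.stdout.write(cleaned)
```

The removed headers are reported on stderr so the filtered config can be redirected to a file while you confirm that only the intended sections were dropped; a backup that fails the balance check is rejected rather than partially rewritten.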