anderson-p-santos
Visitor III
October 15, 2022
Solved

Is it possible to add a wildcard certificate to FortiGate SSL VPN ?


Hi


I have SSL VPN configured and working using a Let's Encrypt certificate. It has been configured for a FQDN (vpn1.domain.com) that points to the IP address of the FortiGate port1 interface.

Now I have a second ISP connection on port2 and want to listen for SSL VPN connections on port2 as well.

The FortiGate part is simple: just add the interface to the "Listen on Interface(s)" field. The FortiClient part is also simple: just add a second remote gateway using a new FQDN (vpn2.domain.com) that points to the port2 IP address.

But the server certificate used in the SSL VPN profile only covers vpn1.domain.com. Whenever FortiClient connects to port2 (vpn2.domain.com), a certificate warning is issued.

Adding a wildcard certificate is not possible.

Is there any way to avoid this warning using a certificate issued by Let's Encrypt and managed by FortiOS (including automatic renewal)?

Or do I have to issue a wildcard certificate myself, load it into FortiGate and renew it myself?


Thanks in advance.

Best answer by scan888
1 reply

scan888
New Member
October 16, 2022

Hello,

This situation is not possible to solve with ACME, because FortiGate only supports single domain name requests over ACME.

You have two options:

1. Buy a SAN certificate from a Certificate Authority (like GoDaddy).

2. Disable the certificate warning on FortiClient.


Or you can contact your local SE to open a feature request for SAN ACME certificates.
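To make concrete why a certificate issued for vpn1.domain.com triggers a warning on vpn2.domain.com, and what a SAN certificate (option 1 above) or a wildcard changes, here is an added example that is not part of the thread and not FortiClient's or FortiOS's code. It applies the standard RFC 6125 hostname check to three constructed certificates in the shape of Python's `ssl` module `getpeercert()` output; the certificate contents and the gateway names are constructed for the example, and the exact rules FortiClient applies are an assumption.

```python
# Constructed sample certificates (not real FortiGate output), in the dict
# shape that Python's ssl.SSLSocket.getpeercert() returns. Only the
# subjectAltName field matters to a modern client; the CN is kept for realism.
CERT_VPN1_ONLY = {
    "subject": ((("commonName", "vpn1.domain.com"),),),
    "subjectAltName": (("DNS", "vpn1.domain.com"),),
}
CERT_SAN = {
    "subject": ((("commonName", "vpn1.domain.com"),),),
    "subjectAltName": (("DNS", "vpn1.domain.com"), ("DNS", "vpn2.domain.com")),
}
CERT_WILDCARD = {
    "subject": ((("commonName", "*.domain.com"),),),
    "subjectAltName": (("DNS", "*.domain.com"),),
}


def dns_names(cert):
    """Collect the dNSName SAN entries; clients ignore the CN once SANs are present."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """RFC 6125 style comparison of one certificate name with the requested host.

    Names are case-insensitive. A wildcard is only honoured when it is the
    whole left-most label, at least two labels follow it, and it stands for
    exactly one label, so *.domain.com never covers a.b.domain.com or domain.com.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False  # partial wildcards such as *vpn.domain.com are refused
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def covers_host(cert, hostname):
    """True when any SAN entry of the certificate matches the gateway name."""
    return any(name_matches(name, hostname) for name in dns_names(cert))


def check_gateways(cert, gateways):
    """Map each remote-gateway FQDN to whether the certificate covers it.

    A False entry is a gateway on which the client would raise the warning."""
    return {gateway: covers_host(cert, gateway) for gateway in gateways}


if __name__ == "__main__":
    gateways = ["vpn1.domain.com", "vpn2.domain.com", "a.b.domain.com"]
    for label, cert in [("vpn1 only", CERT_VPN1_ONLY), ("SAN", CERT_SAN), ("wildcard", CERT_WILDCARD)]:
        print(f"{label:10} {check_gateways(cert, gateways)}")
```

Running it shows the single-name certificate covering only vpn1, the SAN certificate covering both gateways, and the wildcard covering both but not a deeper name such as a.b.domain.com, which is why the answer's SAN suggestion resolves the warning without a wildcard.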