Protecting SSL Server Let's Encrypt - How this is working?

Forum|Forum|5 years ago
May 26, 2021
1 reply
3219 views

Hello all,

i would like to enable SSL Deepinspection from WAN to internal/DMZ. Called "Protecting SSL Server". Here is the Link to the Docs: https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/055107/protecting-an-ssl-server

I understand what i have to do. I have to import all servers real certificates with the private keys. I have done this successfully with an purchased from Digicert. This works perfectly for one of my DMZ Servers.

But what about Let's Encrypt? I would have to change the certificate every 3 months. This means that the certificates of all servers are automatically renewed. Then I have to export them from there and import them into Fortigate. Is there no better way? Or am I understanding this wrong?

FortiOS7.0

Very Thanks

IPRanger

Best answer by emnoc

Yes no matter where you get the certificate you need to renew it and before it expires. You can look at the acme client support in fortios7

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/822087/acme-certificate-support

It's quite easier, but what we do is have a server that builds the certificate and we import it into our fortigates via ansible job.

Ken Felix

emnocAnswer

New Member

Yes no matter where you get the certificate you need to renew it and before it expires. You can look at the acme client support in fortios7

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/822087/acme-certificate-support

It's quite easier, but what we do is have a server that builds the certificate and we import it into our fortigates via ansible job.

Ken Felix

iprangerAuthor

New Member

Thanks for that information. So we have some things to do :)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded