vishal
Visitor III
May 10, 2022
Solved

Wild card certificate for admin login gui


Hi all,

Will a wildcard certificate work for the admin login GUI? Please note that here I'm not generating any CSR and will import a wildcard cert provided by the customer into the FortiGate local certificates and then in Settings >> Administrator settings. PFA image: fortigate admin certificate.jpg

Please advise.

Best answer by kvimaladevi

Hi Vishal,

It is not mandatory for the CSR to be generated from the FortiGate only. You can generate it from any third party as well to get the certificate. As you already have the certificate, you can upload it and it will work.

3 replies

kvimaladevi
Staff
May 10, 2022

Hi Vishal,

Yes, you can install a wildcard certificate for the FortiGate Web UI. You can get the certificate bundle from your customer which will have the server, intermediate, root and private key that is chained and formed as a certificate.

Once you have that, you can upload it to the Fortigate following the below link:
https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/825073/purchase-and-import-a-signed-ssl-certificate

Instead of choosing CA certificate while uploading, you can choose certificate and upload it. Once it is successfully uploaded, you can map it to the administrator GUI access in the GUI by changing the HTTPS server certificate.

vishal (Author)
Visitor III
May 10, 2022

Hi @kvimaladevi

Thanks for your reply. As per your statement "you can choose certificate and upload it. Once it is successfully uploaded, you can map it to the administrator GUI access in the GUI by changing the HTTPS server certificate.", would I need to upload the certificate in the local certificate section?

Also, regarding the statement "You can get the certificate bundle from your customer which will have the server, intermediate, root and private key that is chained and formed as a certificate.": what will be the certificate extension that I have to upload?

Please respond, it would be a great help to me.

kvimaladevi
Staff
May 11, 2022

Hi Vishal,

Yes, you can upload it in the local section. You will get an option to upload the certificate and the private key separately. You can have the private key alone in a separate file and upload it in the key file section, and the other 3 (server, intermediate and root) in a different file and upload it as the certificate.

You can use .pem format.

kvimaladevi
Staff
May 11, 2022

Hi Vishal,

Let me explain it clearly. You will have the certificate bundle from your client. It will have the server, intermediate, root and private key. Copy the server, intermediate and root certificates, paste them into a notepad and save it in .pem format. Similarly, copy the private key alone into a separate notepad and save it.

Please refer to the below picture:

certificate pic.PNG

In the certificate file option, upload the certificate, in the key file option, upload the key file. If your client has mentioned any password while generating the CSR, please mention that password in the password field. If there is no password, you can leave that blank and click OK.

Once this certificate is uploaded, you can map it to the administrator GUI access in the GUI by changing the HTTPS certificate to the uploaded certificate.

vishal (Author)
Visitor III
May 11, 2022

@kvimaladevi

Thank you for your explanation, it really seems helpful. One last question: as you mentioned "If your client has mentioned any password while generating the CSR", but I have not generated any CSR from the FortiGate and will directly upload the wildcard cert into the FortiGate. Hope it will work.

kvimaladevi
Staff
May 12, 2022

Hi Vishal,

Initially, while creating the certificate, you would have generated a CSR and then would have given it to the CA. While generating it, if you have given any password, you can mention the same while uploading that certificate. If you have not given any password, you can ignore that field.

sw2090
SuperUser
May 12, 2022

As long as the wildcard cert matches your FGT hostname/IP, why should it not work?

However, it is overkill in some way :)

A CSR is only mandatory for specific kinds of certs, like a sub-CA for deep inspection, because you need to have the private key etc. here. It's not needed for SSL certs like the one you need for the web interface.
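
Added example, not part of the thread and not Fortinet code: a standard-library Python sketch of the two checks discussed above, splitting a customer-supplied PEM bundle into the certificate file (server, intermediate, root) and the key file, and testing whether a wildcard name covers the admin GUI hostname. The function names, the sample bundle and the `example.com` hostnames are constructed for illustration.

```python
import re

# One PEM block: CERTIFICATE, PRIVATE KEY, RSA PRIVATE KEY, ENCRYPTED PRIVATE KEY, ...
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?-----END \1-----", re.S)

def split_bundle(text):
    """Split a PEM bundle into (certificate_file, key_file, key_is_encrypted)."""
    certs, keys = [], []
    for m in PEM_BLOCK.finditer(text):
        block = m.group(0).replace("\r\n", "\n") + "\n"
        if m.group(1) == "CERTIFICATE":
            certs.append(block)  # bundle order is kept: server, intermediate, root
        elif m.group(1).endswith("PRIVATE KEY"):
            keys.append(block)
    if not certs or len(keys) != 1:
        raise ValueError("need at least one certificate and exactly one private key")
    key = keys[0]
    # An encrypted key is the case where the upload form's password field is filled in.
    encrypted = key.startswith("-----BEGIN ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in key
    return "".join(certs), key, encrypted

def wildcard_covers(cert_name, hostname):
    """True if cert_name (e.g. *.example.com) covers hostname.
    The * stands for exactly one left-most DNS label."""
    p = cert_name.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def _pem(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample bundle: placeholder bodies, not real certificates or keys.
SAMPLE_BUNDLE = (_pem("CERTIFICATE", "c2VydmVy") + _pem("CERTIFICATE", "aW50ZXJtZWRpYXRl")
                 + _pem("CERTIFICATE", "cm9vdA==") + _pem("ENCRYPTED PRIVATE KEY", "a2V5"))

if __name__ == "__main__":
    cert_file, key_file, needs_password = split_bundle(SAMPLE_BUNDLE)
    print("certificates in certificate file:", cert_file.count("BEGIN CERTIFICATE"))
    print("key file needs password:", needs_password)
    # fw.example.com is a constructed admin GUI hostname
    for host in ("fw.example.com", "example.com", "fw.mgmt.example.com"):
        print(host, wildcard_covers("*.example.com", host))
```

The split keeps the private key out of the certificate file, so the key ends up only in the file uploaded as the key file.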