FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
iyotov
Staff
Staff
Article Id 189844

Description

 

This article shows how to import a certificate and private key by using CLI, and to configure it in the FortiManager GUI.
 
Scope
 
FortiAnalyzer.


Solution

 

Use the following CLI commands to import the certificate and private key:
 
config system certificate local
    edit <certificate name>
       set private-key "<key>"
       set certificate "<certificate>"
    next
end

Example:

config system certificate local
    edit "EXAMPLE2"
       set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIB0TCCATqgAwIBAgIIJk2JxB7189gwDQYJKoZIhvcNAQEFBQAwKzERMA8GA1UE
AwwIRm9ydGluZXQxFjAUBgNVBAoMDUZvcnRpbmV0IEx0ZC4wHhcNMTQxMDI5MTI0
MzI4WhcNMjQxMDI2MTI0MzI4WjArMREwDwYDVQQDDAhGb3J0aW5ldDEWMBQGA1UE
CgwNRm9ydGluZXQgTHRkLjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA40Jv
LhccTksm1ztodEHpYGhx08DFWq2eeFYhhEFgAgGkUapC+RC/JQNPvNJijt9zIsFE
xRHnrjqfFI6LeJJXJJNpBVFgJo5O5Zm8YjVsuTdU0W0Inw9/U/Nwj5Zeza/s3fUj
JLEG08DdQf0Pl18XYsfeDwMciyqtM/kFpISZyvcCAwEAATANBgkqhkiG9w0BAQUF
AAOBgQAdGyRDObO6ktAbUnUuORDKgLX1EWhuW6q9kay+jykZabLlb/YS3p1Mj4jn
7Blqa+G2XjXG5MmJqYr54TFOBVOSqZekrgOsBl5CAVwpSSd28w6cfisdKQjPzCbb
Qzl87DSJXIgShag+2iwE2+LIAAZtTnwReuc4KRHvAkxp89hC7g==
-----END ENCRYPTED PRIVATE KEY-----"

       set certificate "-----BEGIN CERTIFICATE-----
MIIDwDCCAqigAwIBAgIBEjANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UE
ChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4G
A1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j
b20wHhcNMTAxMTE4MjI0MDU2WhcNMzgwMTE5MDMxNDA3WjCBljELMAkGA1UEBhMC
AaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEABwelWXWoxorM53jd
LM6WM3f9giz8r0s9NWQGHJtHbmczeu2dOVbDJ70UvJFIWrGcl0OLS21Z1ZjUsrVF
uOW1R7iInscbpygF5ON7Bfqm8yrbS7CmDaNnxwO+uKJVE973bbai+QMBhGVRa/qN
0O+d5gncEsJsRGRpiSV/FOgnuj+K34sjt3KWnl9nzwsWsriimVrWVuUdRNBzH3oN
/TQB3iVqO7r9//m21Xs/iDc4g843M+tyb+qzXMugQpqTCpJyu5h6ddOxk2aKqbtT
3dywc0hhvzZAXYeJbzkaDwWkpNUkbpyNmstTdq1eV9bpffpuJq+gflCeWWeaC/eY
JfhexQ==
-----END CERTIFICATE-----"
    next
end


Once the certificate is configured in CLI, the user will be able to use the certificate for the admin GUI.
For v7.2.x and below, go to System Settings -> Admin -> Admin Settings and select the certificate name from the drop-down list.

iyotov_FD38756_tn_FD38756-1.jpg

 

From CLI the command should be :

 

config system admin setting

(setting)# show
config system admin setting
    set admin_server_cert "fmg_global_cshare_net"
end

(setting)# set admin_server_cert ?
server.crt
fmg_global_cshare_net
Fortinet_Local2
Fortinet_Local

 

If the user is using the certificate for HTTPS for FQDN, log in using the IP Address. Then upload the custom certificate from the System Setting -> Certificates -> Upload -> Local Certificate.

 

Screenshot 2024-08-02 124844.png

 

From v7.4.x and onward, go to System Settings -> Settings and select the certificate name from the drop-down list.

 

2024-04-03 10_49_07-FortiManager-VM64_ 10.109.21.36 — Mozilla Firefox.png