FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
mdeparisse_FTNT
Article Id 197370

Description


This article describes how to generate a web server certificate for the FortiManager or FortiAnalyzer using Windows PKI. This article covers how to set a server certificate installed on the FortiManager/FortiAnalyzer so that a trusting connection can occur.

Solution

 

Generate a CSR toward the Certificate Authority as follows:
 
CSR.png

A SAN or subject alternative name is a formatted way to indicate all of the domain names and IP addresses that are secured by the certificate

For Chrome 58 and later, only the subjectAlternativeName extension, not commonName, is used to match the domain name and site certificate

Give the Subject Alternative Name "SAN" domain name and IP without spaces and separated by a comma.
A name can be:
 
e-mail address.
IP address.
URI.
DNS name (alternatives to the Common Name).
directory name (alternatives to the Distinguished Name).

Precede the name with the name type. Examples:

IP:1.1.1.1
email:test@fortinet.com
email:my@other.address
URI:http://my.url.here/
 
For example: DNS:fortinet.com,IP:1.1.1.1
Select Download to get the CSR.
 
 
 
Extract the CSR and export it to the CS Certificate Authority.
 
 
Connect to the Certificate Authority.
 
 
Select Request a Certificate and advance certificate request.
'Copy and paste' the CSR request and use Web Server as Certificate Template as follows:
 
 
 
Download the certificate.
 
 
Download the generated certificate on the FortiManager or FortiAnalyzer.
 
 
The status of the certificate is now OK, as follows:
 
 
 
It is possible to install the root CA on the management station so that the Web Server can be validated.
To download the CA certificate, navigate to the certsrv and choose 'Download a CA certificate' and then 'Download CA certificate'.
 
 
Then use the imported Certificate in the FortiManager or FortiAnalyzer:
 
config system admin setting
      set admin_server_cert "FMG-Cert"
   end
 
Once completed, import it into the CA repository.
 
 
Related articles: