FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Article Id 197370


This article describes how to generate a web server certificate for the FortiManager or FortiAnalyzer using Windows PKI. This article covers how to set a server certificate installed on the FortiManager/FortiAnalyzer so that a trusting connection can occur.



Generate a CSR toward the Certificate Authority as follows:

For Chrome 58 and later, only the subjectAlternativeName extension, not commonName, is used to match the domain name and site certificate

Give the Subject Alternative Name "SAN" domain name and IP without spaces and separated by a comma.
A name can be:
e-mail address.
IP address.
DNS name (alternatives to the Common Name).
directory name (alternatives to the Distinguished Name).

Precede the name with the name type. Examples:

For example:,IP:
Select Download to get the CSR.
Extract the CSR and export it to the CS Certificate Authority.
Connect to the Certificate Authority.
Select Request a Certificate and advance certificate request.
'Copy and paste' the CSR request and use Web Server as Certificate Template as follows:
Download the certificate.
Download the generated certificate on the FortiManager or FortiAnalyzer.
The status of the certificate is now OK, as follows:
It is possible to install the root CA on the management station so that the Web Server can be validated.
To download the CA certificate, navigate to the certsrv and choose 'Download a CA certificate' and then 'Download CA certificate'.
Then use the imported Certificate in the FortiManager or FortiAnalyzer:
config system admin setting
      set admin_server_cert "FMG-Cert"
Once completed, import it into the CA repository.
Related articles: