Description
This article describes how to generate a web server certificate for the FortiManager or FortiAnalyzer using Windows PKI. This article covers how to set a server certificate installed on the FortiManager/FortiAnalyzer so that trusting connection can occur.
Solution
Generate a CSR toward the Certificate Authority as follows:
Click Download to get the CSR.
Extract the CSR and export it to the CS Certificate Authority.
Connect to the Certificate Authority.
Select Request a Certificate and advance certificate request.
Copy and paste the CSR request and use Web Server as Certificate Template as follows:
Download the certificate.
Download the generated certificate on the FortiManager or FortiAnalyzer.
The status of the certificate is now OK, as follows:
It is possible to install the root CA on the management station so that the Web Server can be validated.
To download the CA certificate, navigate to the certsrv and click on "Download a CA certificate" and then "Download CA certificate".
Then use the imported Certificate in your FMG or FAZ:
config system admin setting
set admin_server_cert "FMG-Cert"
end
set admin_server_cert "FMG-Cert"
end
Once completed, import it in the CA repository.
