Created on 05-01-2019 12:15 PM Edited on 12-08-2022 02:56 AM By Anthony_E
Description
Scope
Solution
config system certificate oftp
set custom enable
set certificate " --" ---->> PEM format certificate.
set private-key " -- " ---->> PEM format private key.
set password <> ---->> Password for encrypted 'private-key', unset for non-encrypted.
end
Alternative FortiAnalyzer configuration:
This alternative method explains how to use any previously imported Local Certificate for OFTP.
Use the following CLI commands in order to change the certificate used on OFTP port TCP/514:
# config system certificate oftp
set mode local
set local "<LOCAL_CERTIFICATE_NAME>"
end
Note:
This option is often used to replace the embedded SHA1 certificate on older FortiAnalyzer hardware platforms (for example, E-series), where the BIOS certificate is SHA1 but a firmware-updated SHA256 default local certificate, named 'Fortinet_Local', is also available.
This certificate also contains the unit serial number in the CN field, which allows the FortiAnalyzer certificate verification to remain enabled on the FortiGates.
After changing this configuration, restart the 'oftpd' process in order for the changes to take effect:
# diag test application oftpd 99
(Or reboot the FortiAnalyzer).
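Before a PEM certificate and private key are set under 'config system certificate oftp', the properties this article relies on (a non-SHA1 signature, the unit serial number in the CN, a key that matches the certificate, and whether the key needs a password) can be checked offline with the OpenSSL CLI. The following is an added example, not part of the original article and not a Fortinet tool; the function names, file arguments and serial number argument are assumptions.

```shell
#!/bin/sh
# Added example: offline checks on a PEM certificate/key pair before it is
# set under 'config system certificate oftp'. Requires the openssl CLI.
# Function names and arguments are assumptions made for this example.

# Print the certificate's signature algorithm, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed only if the certificate parses and is not SHA1-signed.
cert_not_sha1() {
    case "$(cert_sig_alg "$1")" in
        ""|*sha1*|*SHA1*) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed if the subject CN contains the unit serial number given as $2.
cert_cn_has_serial() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        grep -qF "CN=$2"
}

# Succeed if the PEM key is encrypted, i.e. 'set password' must be configured.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Succeed if key $2 belongs to certificate $1 (identical public key).
# $3 is the key password; pass "" for a non-encrypted key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(OFTP_KEY_PASS="$3" openssl pkey -in "$2" \
        -passin env:OFTP_KEY_PASS -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh check_oftp_cert.sh <cert.pem> <key.pem> <serial> [key-password]
if [ "$#" -ge 3 ]; then
    key_is_encrypted "$2" && echo "NOTE: key is encrypted, 'set password' is required"
    cert_not_sha1 "$1" || echo "FAIL: SHA1-signed or unreadable certificate"
    cert_cn_has_serial "$1" "$3" || echo "FAIL: CN does not contain $3"
    key_matches_cert "$1" "$2" "${4:-}" || echo "FAIL: key does not match certificate"
fi
```

The key password is handed to openssl through an environment variable rather than a command-line argument, so it does not appear in the process list.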